{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-image-6.17.0-6-generic", "linux-modules-6.17.0-6-generic" ], "removed": [ "linux-image-6.17.0-5-generic", "linux-modules-6.17.0-5-generic" ], "diff": [ "apparmor", "distro-info-data", "dpkg", "intel-microcode", "libapparmor1", "libdrm-common", "libdrm2", "linux-image-virtual", "rust-coreutils", "snapd", "sudo-rs", "ubuntu-drivers-common" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8", "version": "5.0.0~alpha1-0ubuntu8" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8.1", "version": "5.0.0~alpha1-0ubuntu8.1" }, "cves": [], "launchpad_bugs_fixed": [ 2122161 ], "changes": [ { "cves": [], "log": [ "", " * Add patch to fix Flatpak breakage caused by fusermount3 denials", " (LP: #2122161):", " - d/p/u/profiles-add-rules-to-fix-flatpaks-with-fuse3-17.patch", "" ], "package": "apparmor", "version": "5.0.0~alpha1-0ubuntu8.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2122161 ], "author": "Ryan Lee ", "date": "Thu, 09 Oct 2025 10:44:07 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "distro-info-data", "from_version": { "source_package_name": "distro-info-data", "source_package_version": "0.66", "version": "0.66" }, "to_version": { "source_package_name": "distro-info-data", "source_package_version": "0.66ubuntu0.1", "version": "0.66ubuntu0.1" }, "cves": [], "launchpad_bugs_fixed": [ 2126961 ], "changes": [ { "cves": [], "log": [ "", " * Update the bookworm EoL", " * Add Ubuntu 26.04 LTS \"Resolute Raccoon\" (LP: #2126961)", "" ], "package": "distro-info-data", "version": "0.66ubuntu0.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2126961 ], "author": "Florent 'Skia' Jacquet ", "date": "Fri, 10 Oct 2025 10:43:53 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "dpkg", "from_version": { "source_package_name": "dpkg", "source_package_version": "1.22.21ubuntu3", "version": "1.22.21ubuntu3" }, "to_version": { "source_package_name": "dpkg", "source_package_version": "1.22.21ubuntu3.1", "version": "1.22.21ubuntu3.1" }, "cves": [], "launchpad_bugs_fixed": [ 2128606 ], "changes": [ { "cves": [], "log": [ "", " * Copy across the architecture variant (LP: #2128606)", "" ], "package": "dpkg", "version": "1.22.21ubuntu3.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2128606 ], "author": "Julian Andres Klode ", "date": "Thu, 16 Oct 2025 18:46:02 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "intel-microcode", "from_version": { "source_package_name": "intel-microcode", "source_package_version": "3.20250512.1ubuntu1", "version": "3.20250512.1ubuntu1" }, "to_version": { "source_package_name": "intel-microcode", "source_package_version": "3.20250812.0ubuntu0.25.10.1", "version": "3.20250812.0ubuntu0.25.10.1" }, "cves": [ { "cve": "CVE-2025-20109", "url": "https://ubuntu.com/security/CVE-2025-20109", "cve_description": "Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22840", "url": "https://ubuntu.com/security/CVE-2025-22840", "cve_description": "Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22839", "url": "https://ubuntu.com/security/CVE-2025-22839", "cve_description": "Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22889", "url": "https://ubuntu.com/security/CVE-2025-22889", "cve_description": "Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-21090", "url": "https://ubuntu.com/security/CVE-2025-21090", "cve_description": "Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-20053", "url": "https://ubuntu.com/security/CVE-2025-20053", "cve_description": "Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-24305", "url": "https://ubuntu.com/security/CVE-2025-24305", "cve_description": "Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-26403", "url": "https://ubuntu.com/security/CVE-2025-26403", "cve_description": "Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-32086", "url": "https://ubuntu.com/security/CVE-2025-32086", "cve_description": "Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-20109", "url": "https://ubuntu.com/security/CVE-2025-20109", "cve_description": "Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22840", "url": "https://ubuntu.com/security/CVE-2025-22840", "cve_description": "Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22839", "url": "https://ubuntu.com/security/CVE-2025-22839", "cve_description": "Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-22889", "url": "https://ubuntu.com/security/CVE-2025-22889", "cve_description": "Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-21090", "url": "https://ubuntu.com/security/CVE-2025-21090", "cve_description": "Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-20053", "url": "https://ubuntu.com/security/CVE-2025-20053", "cve_description": "Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-24305", "url": "https://ubuntu.com/security/CVE-2025-24305", "cve_description": "Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-26403", "url": "https://ubuntu.com/security/CVE-2025-26403", "cve_description": "Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" }, { "cve": "CVE-2025-32086", "url": "https://ubuntu.com/security/CVE-2025-32086", "cve_description": "Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.", "cve_priority": "medium", "cve_public_date": "2025-08-12 17:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: New upstream microcode datafile 20250812", " - Updated microcodes:", " sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248", " sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056", " sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664", " sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896", " sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664", " sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896", " sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664", " sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896", " sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896", " sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664", " sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896", " sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288", " sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400", " sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072", " sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880", " sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256", " sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256", " sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256", " sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896", " sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112", " sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112", " sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112", " sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112", " sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224", " sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224", " - CVE-2025-20109 (INTEL-SA-01249)", " - CVE-2025-22840 (INTEL-SA-01308)", " - CVE-2025-22839 (INTEL-SA-01310)", " - CVE-2025-22889 (INTEL-SA-01311)", " - CVE-2025-21090 (INTEL-SA-01313)", " - CVE-2025-20053 (INTEL-SA-01313)", " - CVE-2025-24305 (INTEL-SA-01313)", " - CVE-2025-26403 (INTEL-SA-01367)", " - CVE-2025-32086 (INTEL-SA-01367)", "" ], "package": "intel-microcode", "version": "3.20250812.0ubuntu0.25.10.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Rodrigo Figueiredo Zaiden ", "date": "Tue, 28 Oct 2025 15:24:30 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libapparmor1", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8", "version": "5.0.0~alpha1-0ubuntu8" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8.1", "version": "5.0.0~alpha1-0ubuntu8.1" }, "cves": [], "launchpad_bugs_fixed": [ 2122161 ], "changes": [ { "cves": [], "log": [ "", " * Add patch to fix Flatpak breakage caused by fusermount3 denials", " (LP: #2122161):", " - d/p/u/profiles-add-rules-to-fix-flatpaks-with-fuse3-17.patch", "" ], "package": "apparmor", "version": "5.0.0~alpha1-0ubuntu8.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2122161 ], "author": "Ryan Lee ", "date": "Thu, 09 Oct 2025 10:44:07 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "libdrm-common", "from_version": { "source_package_name": "libdrm", "source_package_version": "2.4.125-1", "version": "2.4.125-1" }, "to_version": { "source_package_name": "libdrm", "source_package_version": "2.4.125-1ubuntu0.1", "version": "2.4.125-1ubuntu0.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127944 ], "changes": [ { "cves": [], "log": [ "", " * patches: Identify APUs from hardware (LP: #2127944)", "" ], "package": "libdrm", "version": "2.4.125-1ubuntu0.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127944 ], "author": "Timo Aaltonen ", "date": "Fri, 24 Oct 2025 17:43:46 +0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libdrm2", "from_version": { "source_package_name": "libdrm", "source_package_version": "2.4.125-1", "version": "2.4.125-1" }, "to_version": { "source_package_name": "libdrm", "source_package_version": "2.4.125-1ubuntu0.1", "version": "2.4.125-1ubuntu0.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127944 ], "changes": [ { "cves": [], "log": [ "", " * patches: Identify APUs from hardware (LP: #2127944)", "" ], "package": "libdrm", "version": "2.4.125-1ubuntu0.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127944 ], "author": "Timo Aaltonen ", "date": "Fri, 24 Oct 2025 17:43:46 +0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-5.5", "version": "6.17.0-5.5" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-6.6", "version": "6.17.0-6.6" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.17.0-6.6", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Update oem transitionals", "" ], "package": "linux-meta", "version": "6.17.0-6.6", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Tue, 07 Oct 2025 14:26:47 +0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "rust-coreutils", "from_version": { "source_package_name": "rust-coreutils", "source_package_version": "0.2.2-0ubuntu2", "version": "0.2.2-0ubuntu2" }, "to_version": { "source_package_name": "rust-coreutils", "source_package_version": "0.2.2-0ubuntu2.1", "version": "0.2.2-0ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127970, 2125535 ], "changes": [ { "cves": [], "log": [ "", " * Cherry pick fixes from pull requests", " - date: use reference file (LP: #2127970)", " - dd: ensure full writes (LP: #2125535)", "" ], "package": "rust-coreutils", "version": "0.2.2-0ubuntu2.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127970, 2125535 ], "author": "Julian Andres Klode ", "date": "Wed, 22 Oct 2025 12:39:11 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.71.1+ubuntu25.10.1", "version": "2.71.1+ubuntu25.10.1" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.72+ubuntu25.10.2", "version": "2.72+ubuntu25.10.2" }, "cves": [], "launchpad_bugs_fixed": [ 2124239, 2122054, 2117558, 1916244, 2121238, 2117121, 2112626, 2114704 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release, LP: #2124239", " - FDE: support replacing TPM protected keys at runtime via the", " /v2/system-volumes endpoint", " - FDE: support secboot preinstall check fix actions for 25.10+", " hybrid installs via the /v2/system/{label} endpoint", " - FDE: tweak polkit message to remove jargon", " - FDE: ensure proper sealing with kernel command line defaults", " - FDE: provide generic reseal function", " - FDE: support using OPTEE for protecting keys, as an alternative to", " existing fde-setup hooks (Ubuntu Core only)", " - Confdb: 'snapctl get --view' supports passing default values", " - Confdb: content sub-rules in confdb-schemas inherit their parent", " rule's \"access\"", " - Confdb: make confdb error kinds used in API more generic", " - Confdb: fully support lists and indexed paths (including unset)", " - Prompting: add notice backend for prompting types (unused for now)", " - Prompting: include request cgroup in prompt", " - Prompting: handle unsupported xattrs", " - Prompting: add permission mapping for the camera interface", " - Notices: read notices from state without state lock", " - Notices: add methods to get notice fields and create, reoccur, and", " deepcopy notice", " - Notices: add notice manager to coordinate separate notice backends", " - Notices: support draining notices from state when notice backend", " registered as producer of a particular notice type", " - Notices: query notice manager from daemon instead of querying", " state for notices directly", " - Packaging: Ubuntu | ignore .git directory", " - Packaging: FIPS | bump deb Go FIPS to 1.23", " - Packaging: snap | bump FIPS toolchain to 1.23", " - Packaging: debian | sync most upstream changes", " - Packaging: debian-sid | depends on libcap2-bin for postint", " - Packaging: Fedora | drop fakeroot", " - Packaging: snap | modify snapd.mk to pass build tags when running", " unit tests", " - Packaging: snap | modify snapd.mk to pass nooptee build tag", " - Packaging: modify Makefile.am to fix snap-confine install profile", " with 'make hack'", " - Packaging: modify Makefile.am to fix out-of-tree use of 'make", " hack'", " - LP: #2122054 Snap installation: skip snap icon download when", " running in a cloud or using a proxy store", " - Snap installation: add timeout to http client when downloading", " snap icon", " - Snap installation: use http(s) proxy for icon downloads", " - LP: #2117558 snap-confine: fix error message with /root/snap not", " accessible", " - snap-confine: fix non-suid limitation by switching to root:root to", " operate v1 freezer", " - core-initrd: do not use writable-paths when not available", " - core-initrd: remove debian folder", " - LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev", " interface now with the more robust gpio-aggregator configfs kernel", " interface", " - Interfaces: gpio-chardev | exclusive snap connections, raise a", " conflict when both gpio-chardev and gpio are connected", " - Interfaces: gpio-chardev | fix gpio-aggregator module load order", " - Interfaces: ros-snapd-support | grant access to /v2/changes", " - Interfaces: uda-driver-libs, egl-driver-libs, gbm-driver-libs,", " opengl-driver-libs, opengles-driver-libs | new interfaces to", " support nvidia driver components", " - Interfaces: microstack-support | allow DPDK (hugepage related", " permissions)", " - Interfaces: system-observe | allow reading additional files in", " /proc, needed by node-exporter", " - Interfaces: u2f | add Cano Key, Thesis FIDO2 BioFP+ Security Key", " and Kensington VeriMark DT Fingerprint Key to device list", " - Interfaces: snap-interfaces-requests-control | allow shell API", " control", " - Interfaces: fwupd | allow access to Intel CVS sysfs", " - Interfaces: hardware-observe | allow read access to Kernel", " Samepage Merging (KSM)", " - Interfaces: xilinx-dma | support Multi Queue DMA (QDMA) IP", " - Interfaces: spi | relax sysfs permission rules to allow access to", " SPI device node attributes", " - Interfaces: content | introduce compatibility label", " - LP: #2121238 Interfaces: do not expose Kerberos tickets for", " classic snaps", " - Interfaces: ssh-public-keys | allow ro access to public host keys", " with ssh-key", " - Interfaces: Modify AppArmor template to allow listing systemd", " credentials and invoking systemd-creds", " - Interfaces: modify AppArmor template with workarounds for Go 1.35", " cgroup aware GOMAXPROCS", " - Interfaces: modify seccomp template to allow landlock_*", " - Prevent snap hooks from running while relevant snaps are unlinked", " - Make refreshes wait before unlinking snaps if running hooks can be", " affected", " - Fix systemd unit generation by moving \"WantedBy=\" from section", " \"unit\" to \"install\"", " - Add opt-in logging support for snap-update-ns", " - Unhide 'snap help' sign and export-key under Development category", " - LP: #2117121 Cleanly support socket activation for classic snap", " - Add architecture to 'snap version' output", " - Add 'snap debug api' option to disable authentication through", " auth.json", " - Show grade in notes for 'snap info --verbose'", " - Fix preseeding failure due to scan-disk issue on RPi", " - Support 'snap debug api' queries to user session agents", " - LP: #2112626 Improve progress reporting for snap install/refresh", " - Drop legacy BAMF_DESKTOP_FILE_HINT in desktop files", " - Fix /v2/apps error for root user when user services are present", " - LP: #2114704 Extend output to indicate when snap data snapshot was", " created during remove", " - Improve how we handle emmc volumes", " - Improve handling of system-user extra assertions", "" ], "package": "snapd", "version": "2.72+ubuntu25.10.2", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2124239, 2122054, 2117558, 1916244, 2121238, 2117121, 2112626, 2114704 ], "author": "Ernest Lotter ", "date": "Thu, 18 Sep 2025 10:00:54 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "sudo-rs", "from_version": { "source_package_name": "rust-sudo-rs", "source_package_version": "0.2.8-1ubuntu5", "version": "0.2.8-1ubuntu5" }, "to_version": { "source_package_name": "rust-sudo-rs", "source_package_version": "0.2.8-1ubuntu5.2", "version": "0.2.8-1ubuntu5.2" }, "cves": [], "launchpad_bugs_fixed": [ 2130623, 2127080 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY UPDATE: multiple security fixes (LP: #2130623)", " - debian/patches/lp-2130623-GHSA-q428-6v73-fc4q-*.patch", " - debian/patches/lp-2130623-GHSA-c978-wq47-pvvw-*.patch", " - CVE numbers pending", "" ], "package": "rust-sudo-rs", "version": "0.2.8-1ubuntu5.2", "urgency": "high", "distributions": "questing-security", "launchpad_bugs_fixed": [ 2130623 ], "author": "Simon Johnsson ", "date": "Mon, 10 Nov 2025 16:12:00 +0100" }, { "cves": [], "log": [ "", " * SRU: fix escaped equals in sudoers file (LP: #2127080)", "" ], "package": "rust-sudo-rs", "version": "0.2.8-1ubuntu5.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127080 ], "author": "Simon Johnsson ", "date": "Mon, 13 Oct 2025 10:34:08 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-drivers-common", "from_version": { "source_package_name": "ubuntu-drivers-common", "source_package_version": "1:0.10.3", "version": "1:0.10.3" }, "to_version": { "source_package_name": "ubuntu-drivers-common", "source_package_version": "1:0.10.3.1", "version": "1:0.10.3.1" }, "cves": [], "launchpad_bugs_fixed": [ 2125156 ], "changes": [ { "cves": [], "log": [ "", " * Prevent coinstallation of conflicting Nvidia Drivers (LP: #2125156)", "" ], "package": "ubuntu-drivers-common", "version": "1:0.10.3.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2125156 ], "author": "Mitchell Augustin ", "date": "Fri, 03 Oct 2025 16:26:02 -0500" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-image-6.17.0-6-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.17.0-5.5", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "6.17.0-6.6", "version": "6.17.0-6.6" }, "cves": [], "launchpad_bugs_fixed": [ 1786013, 2125589 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.17.0-6.6", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "", " * manifest-initramfs.yaml: add support for including this manifest in the", " linux-image-uc- packages (LP: #2125589)", " - [Packaging] manifest-initramfs.json -- carry manifest through", "" ], "package": "linux-signed", "version": "6.17.0-6.6", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 1786013, 2125589 ], "author": "Timo Aaltonen ", "date": "Tue, 07 Oct 2025 14:26:53 +0300" } ], "notes": "linux-image-6.17.0-6-generic version '6.17.0-6.6' (source package linux-signed version '6.17.0-6.6') was added. linux-image-6.17.0-6-generic version '6.17.0-6.6' has the same source package name, linux-signed, as removed package linux-image-6.17.0-5-generic. As such we can use the source package version of the removed package, '6.17.0-5.5', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-6.17.0-6-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-5.5", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-6.6", "version": "6.17.0-6.6" }, "cves": [], "launchpad_bugs_fixed": [ 2126040, 2126948, 1981437 ], "changes": [ { "cves": [], "log": [ "", " * questing/linux: 6.17.0-6.6 -proposed tracker (LP: #2126040)", "", " * Questing update: v6.17.1 upstream stable release (LP: #2126948)", " - blk-mq: fix blk_mq_tags double free while nr_requests grown", " - gcc-plugins: Remove TODO_verify_il for GCC >= 16", " - scsi: target: target_core_configfs: Add length check to avoid buffer", " overflow", " - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free", " - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()", " - media: b2c2: Fix use-after-free causing by irq_check_work in", " flexcop_pci_remove", " - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in", " probe", " - media: tuner: xc5000: Fix use-after-free in xc5000_release", " - media: rc: fix races with imon_disconnect()", " - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID", " - mm: swap: check for stable address space before operating on the VMA", " - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()", " - media: iris: Fix memory leak by freeing untracked persist buffer", " - media: stm32-csi: Fix dereference before NULL check", " - ASoC: qcom: audioreach: fix potential null pointer dereference", " - Linux 6.17.1", "", " * RISC-V kernel config is out of sync with other archs (LP: #1981437)", " - [Config] riscv64: Update EFI_SBAT_FILE", " - [Config] riscv64: Enable EFI_ZBOOT", " - [Config] riscv64: Disable support for non-RVA23 SoCs", " - [Config] riscv64: Disable RISCV_ISA_FALLBACK", " - [Config] riscv64: Sync config with other architectures", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs after rebase to 6.17", "" ], "package": "linux", "version": "6.17.0-6.6", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2126040, 2126948, 1981437 ], "author": "Timo Aaltonen ", "date": "Tue, 07 Oct 2025 14:15:18 +0300" } ], "notes": "linux-modules-6.17.0-6-generic version '6.17.0-6.6' (source package linux version '6.17.0-6.6') was added. linux-modules-6.17.0-6-generic version '6.17.0-6.6' has the same source package name, linux, as removed package linux-modules-6.17.0-5-generic. As such we can use the source package version of the removed package, '6.17.0-5.5', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-image-6.17.0-5-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.17.0-5.5", "version": "6.17.0-5.5" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-6.17.0-5-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-5.5", "version": "6.17.0-5.5" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.10 questing image from release image serial 20251007 to 20251113", "from_series": "questing", "to_series": "questing", "from_serial": "20251007", "to_serial": "20251113", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }