Releases: cloudfoundry/cflinuxfs4
Releases · cloudfoundry/cflinuxfs4
0.42.0
Notably, this release addresses:
USN-5638-2 USN-5638-2: Expat vulnerabilities:
- CVE-2022-43680: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
- CVE-2022-43680: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
- CVE-2022-40674: libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
-ii gir1.2-gdkpixbuf-2.0:amd64 2.42.8+dfsg-1ubuntu0.1 amd64 GDK Pixbuf library - GObject-Introspection
+ii gir1.2-gdkpixbuf-2.0:amd64 2.42.8+dfsg-1ubuntu0.2 amd64 GDK Pixbuf library - GObject-Introspection
-ii libexpat1:amd64 2.4.7-1 amd64 XML parsing C library - runtime library
-ii libexpat1-dev:amd64 2.4.7-1 amd64 XML parsing C library - development kit
+ii libexpat1:amd64 2.4.7-1ubuntu0.1 amd64 XML parsing C library - runtime library
+ii libexpat1-dev:amd64 2.4.7-1ubuntu0.1 amd64 XML parsing C library - development kit
-ii libgdk-pixbuf-2.0-0:amd64 2.42.8+dfsg-1ubuntu0.1 amd64 GDK Pixbuf library
-ii libgdk-pixbuf-2.0-dev:amd64 2.42.8+dfsg-1ubuntu0.1 amd64 GDK Pixbuf library (development files)
-ii libgdk-pixbuf2.0-bin 2.42.8+dfsg-1ubuntu0.1 amd64 GDK Pixbuf library (thumbnailer)
-ii libgdk-pixbuf2.0-common 2.42.8+dfsg-1ubuntu0.1 all GDK Pixbuf library - data files
+ii libgdk-pixbuf-2.0-0:amd64 2.42.8+dfsg-1ubuntu0.2 amd64 GDK Pixbuf library
+ii libgdk-pixbuf-2.0-dev:amd64 2.42.8+dfsg-1ubuntu0.2 amd64 GDK Pixbuf library (development files)
+ii libgdk-pixbuf2.0-bin 2.42.8+dfsg-1ubuntu0.2 amd64 GDK Pixbuf library (thumbnailer)
+ii libgdk-pixbuf2.0-common 2.42.8+dfsg-1ubuntu0.2 all GDK Pixbuf library - data files
-ii libnetplan0:amd64 0.104-0ubuntu2.1 amd64 YAML network configuration abstraction runtime library
+ii libnetplan0:amd64 0.105-0ubuntu2~22.04.1 amd64 YAML network configuration abstraction runtime library
-ii linux-libc-dev:amd64 5.15.0-52.58 amd64 Linux Kernel Headers for development
+ii linux-libc-dev:amd64 5.15.0-53.59 amd64 Linux Kernel Headers for development
-ii netplan.io 0.104-0ubuntu2.1 amd64 YAML network configuration abstraction for various backends
+ii netplan.io 0.105-0ubuntu2~22.04.1 amd64 YAML network configuration abstraction for various backends
-ii tzdata 2022f-0ubuntu0.22.04.0 all time zone and daylight-saving time data
+ii tzdata 2022f-0ubuntu0.22.04.1 all time zone and daylight-saving time data
0.41.0
Notably, this release addresses:
USN-5718-1 USN-5718-1: pixman vulnerability:
- CVE-2022-44638: In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
-ii libpixman-1-0:amd64 0.40.0-1build4 amd64 pixel-manipulation library for X and cairo
-ii libpixman-1-dev:amd64 0.40.0-1build4 amd64 pixel-manipulation library for X and cairo (development files)
+ii libpixman-1-0:amd64 0.40.0-1ubuntu0.22.04.1 amd64 pixel-manipulation library for X and cairo
+ii libpixman-1-dev:amd64 0.40.0-1ubuntu0.22.04.1 amd64 pixel-manipulation library for X and cairo (development files)
-ii libtiff-dev:amd64 4.3.0-6ubuntu0.1 amd64 Tag Image File Format library (TIFF), development files
-ii libtiff5:amd64 4.3.0-6ubuntu0.1 amd64 Tag Image File Format (TIFF) library
-ii libtiffxx5:amd64 4.3.0-6ubuntu0.1 amd64 Tag Image File Format (TIFF) library -- C++ interface
+ii libtiff-dev:amd64 4.3.0-6ubuntu0.2 amd64 Tag Image File Format library (TIFF), development files
+ii libtiff5:amd64 4.3.0-6ubuntu0.2 amd64 Tag Image File Format (TIFF) library
+ii libtiffxx5:amd64 4.3.0-6ubuntu0.2 amd64 Tag Image File Format (TIFF) library -- C++ interface
0.40.0
Notably, this release addresses:
USN-5716-1 USN-5716-1: SQLite vulnerability:
- CVE-2022-35737: SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
-ii libsqlite3-0:amd64 3.37.2-2 amd64 SQLite 3 shared library
-ii libsqlite3-dev:amd64 3.37.2-2 amd64 SQLite 3 development files
+ii libsqlite3-0:amd64 3.37.2-2ubuntu0.1 amd64 SQLite 3 shared library
+ii libsqlite3-dev:amd64 3.37.2-2ubuntu0.1 amd64 SQLite 3 development files
-ii ubuntu-advantage-tools 27.11.2~22.04.1 amd64 management tools for Ubuntu Advantage
+ii ubuntu-advantage-tools 27.11.3~22.04.1 amd64 management tools for Ubuntu Advantage
0.39.0
Notably, this release addresses:
USN-5713-1 USN-5713-1: Python vulnerability:
- CVE-2022-42919: Linux specific local privilege escalation via the multiprocessing forkserver start method
-ii distro-info-data 0.52ubuntu0.1 all information about the distributions' releases (data files)
+ii distro-info-data 0.52ubuntu0.2 all information about the distributions' releases (data files)
-ii libpython3.10:amd64 3.10.6-1~22.04 amd64 Shared Python runtime library (version 3.10)
-ii libpython3.10-minimal:amd64 3.10.6-1~22.04 amd64 Minimal subset of the Python language (version 3.10)
-ii libpython3.10-stdlib:amd64 3.10.6-1~22.04 amd64 Interactive high-level object-oriented language (standard library, version 3.10)
+ii libpython3.10:amd64 3.10.6-1~22.04.1 amd64 Shared Python runtime library (version 3.10)
+ii libpython3.10-minimal:amd64 3.10.6-1~22.04.1 amd64 Minimal subset of the Python language (version 3.10)
+ii libpython3.10-stdlib:amd64 3.10.6-1~22.04.1 amd64 Interactive high-level object-oriented language (standard library, version 3.10)
-ii python3.10 3.10.6-1~22.04 amd64 Interactive high-level object-oriented language (version 3.10)
-ii python3.10-minimal 3.10.6-1~22.04 amd64 Minimal subset of the Python language (version 3.10)
+ii python3.10 3.10.6-1~22.04.1 amd64 Interactive high-level object-oriented language (version 3.10)
+ii python3.10-minimal 3.10.6-1~22.04.1 amd64 Minimal subset of the Python language (version 3.10)
-ii tzdata 2022e-0ubuntu0.22.04.0 all time zone and daylight-saving time data
+ii tzdata 2022f-0ubuntu0.22.04.0 all time zone and daylight-saving time data
0.38.0
Notably, this release addresses:
USN-5710-1 USN-5710-1: OpenSSL vulnerabilities:
- CVE-2022-3786: X.509 Email Address Buffer Overflow
- CVE-2022-3358: OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).
- CVE-2022-3358: OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).
- CVE-2022-3602: X.509 Email Address Buffer Overflow
- CVE-2022-3786: X.509 Email Address Buffer Overflow
-ii libssl-dev:amd64 3.0.2-0ubuntu1.6 amd64 Secure Sockets Layer toolkit - development files
-ii libssl3:amd64 3.0.2-0ubuntu1.6 amd64 Secure Sockets Layer toolkit - shared libraries
+ii libssl-dev:amd64 3.0.2-0ubuntu1.7 amd64 Secure Sockets Layer toolkit - development files
+ii libssl3:amd64 3.0.2-0ubuntu1.7 amd64 Secure Sockets Layer toolkit - shared libraries
-ii openssl 3.0.2-0ubuntu1.6 amd64 Secure Sockets Layer toolkit - cryptographic utility
+ii openssl 3.0.2-0ubuntu1.7 amd64 Secure Sockets Layer toolkit - cryptographic utility
0.37.0
Notably, this release addresses:
USN-5704-1 USN-5704-1: DBus vulnerabilities:
- CVE-2022-42010: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
- CVE-2022-42011: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
- CVE-2022-42012: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
- CVE-2022-42010: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
- CVE-2022-42012: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
- CVE-2022-42011: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
-ii libdbus-1-3:amd64 1.12.20-2ubuntu4 amd64 simple interprocess messaging system (library)
+ii libdbus-1-3:amd64 1.12.20-2ubuntu4.1 amd64 simple interprocess messaging system (library)
0.36.0
Notably, this release addresses:
USN-5702-1 USN-5702-1: curl vulnerabilities:
- CVE-2022-32221: [POST following PUT confusion]
- CVE-2022-35260: [.netrc parser out-of-bounds access]
- CVE-2022-42915: [HTTP proxy double-free]
- CVE-2022-42916: [HSTS bypass via IDN]
- CVE-2022-32221: [POST following PUT confusion]
- CVE-2022-35260: [.netrc parser out-of-bounds access]
- CVE-2022-42916: [HSTS bypass via IDN]
- CVE-2022-42915: [HTTP proxy double-free]
-ii binutils 2.38-3ubuntu1 amd64 GNU assembler, linker and binary utilities
-ii binutils-common:amd64 2.38-3ubuntu1 amd64 Common files for the GNU assembler, linker and binary utilities
-ii binutils-x86-64-linux-gnu 2.38-3ubuntu1 amd64 GNU binary utilities, for x86-64-linux-gnu target
+ii binutils 2.38-4ubuntu2 amd64 GNU assembler, linker and binary utilities
+ii binutils-common:amd64 2.38-4ubuntu2 amd64 Common files for the GNU assembler, linker and binary utilities
+ii binutils-x86-64-linux-gnu 2.38-4ubuntu2 amd64 GNU binary utilities, for x86-64-linux-gnu target
-ii cpp-11 11.2.0-19ubuntu1 amd64 GNU C preprocessor
+ii cpp-11 11.3.0-1ubuntu1~22.04 amd64 GNU C preprocessor
-ii curl 7.81.0-1ubuntu1.4 amd64 command line tool for transferring data with URL syntax
+ii curl 7.81.0-1ubuntu1.6 amd64 command line tool for transferring data with URL syntax
-ii g++-11 11.2.0-19ubuntu1 amd64 GNU C++ compiler
+ii g++-11 11.3.0-1ubuntu1~22.04 amd64 GNU C++ compiler
-ii gcc-11 11.2.0-19ubuntu1 amd64 GNU C compiler
-ii gcc-11-base:amd64 11.2.0-19ubuntu1 amd64 GCC, the GNU Compiler Collection (base package)
+ii gcc-11 11.3.0-1ubuntu1~22.04 amd64 GNU C compiler
+ii gcc-11-base:amd64 11.3.0-1ubuntu1~22.04 amd64 GCC, the GNU Compiler Collection (base package)
-ii gdb 12.0.90-0ubuntu1 amd64 GNU Debugger
+ii gdb 12.1-0ubuntu1~22.04 amd64 GNU Debugger
-ii libasan6:amd64 11.2.0-19ubuntu1 amd64 AddressSanitizer -- a fast memory error detector
+ii libasan6:amd64 11.3.0-1ubuntu1~22.04 amd64 AddressSanitizer -- a fast memory error detector
-ii libbinutils:amd64 2.38-3ubuntu1 amd64 GNU binary utilities (private shared library)
+ii libbinutils:amd64 2.38-4ubuntu2 amd64 GNU binary utilities (private shared library)
-ii libctf-nobfd0:amd64 2.38-3ubuntu1 amd64 Compact C Type Format library (runtime, no BFD dependency)
-ii libctf0:amd64 2.38-3ubuntu1 amd64 Compact C Type Format library (runtime, BFD dependency)
-ii libcurl3-gnutls:amd64 7.81.0-1ubuntu1.4 amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
-ii libcurl4:amd64 7.81.0-1ubuntu1.4 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)
-ii libcurl4-openssl-dev:amd64 7.81.0-1ubuntu1.4 amd64 development files and documentation for libcurl (OpenSSL flavour)
+ii libctf-nobfd0:amd64 2.38-4ubuntu2 amd64 Compact C Type Format library (runtime, no BFD dependency)
+ii libctf0:amd64 2.38-4ubuntu2 amd64 Compact C Type Format library (runtime, BFD dependency)
+ii libcurl3-gnutls:amd64 7.81.0-1ubuntu1.6 amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
+ii libcurl4:amd64 7.81.0-1ubuntu1.6 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)
+ii libcurl4-openssl-dev:amd64 7.81.0-1ubuntu1.6 amd64 development files and documentation for libcurl (OpenSSL flavour)
-ii libgcc-11-dev:amd64 11.2.0-19ubuntu1 amd64 GCC support library (development files)
+ii libgcc-11-dev:amd64 11.3.0-1ubuntu1~22.04 amd64 GCC support library (development files)
-ii libstdc++-11-dev:amd64 11.2.0-19ubuntu1 amd64 GNU Standard C++ Library v3 (development files)
+ii libstdc++-11-dev:amd64 11.3.0-1ubuntu1~22.04 amd64 GNU Standard C++ Library v3 (development files)
-ii libtsan0:amd64 11.2.0-19ubuntu1 amd64 ThreadSanitizer -- a Valgrind-based detector of data races (runtime)
+ii libtsan0:amd64 11.3.0-1ubuntu1~22.04 amd64 ThreadSanitizer -- a Valgrind-based detector of data races (runtime)
-ii libunbound8:amd64 1.13.1-1ubuntu5.1 amd64 library implementing DNS resolution and validation
+ii libunbound8:amd64 1.13.1-1ubuntu5.2 amd64 library implementing DNS resolution and validation
-ii tzdata 2022c-0ubuntu0.22.04.0 all time zone and daylight-saving time data
+ii tzdata 2022e-0ubuntu0.22.04.0 all time zone and daylight-saving time data
0.35.0
Notably, this release addresses:
USN-5689-1 USN-5689-1: Perl vulnerability:
- CVE-2020-16156: CPAN 2.28 allows Signature Verification Bypass.
USN-5686-1 USN-5686-1: Git vulnerabilities:
- CVE-2022-39253: [When relying on the
--localclone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies) of the dereferenced link in the destination repository. This can lead to surprising behavior where arbitrary files are present in a repository's$GIT_DIRwhen cloning from a malicious repository.] - CVE-2022-39260: [An overly-long command string given to
git shellcan result in overflow insplit_cmdline(), leading to arbitrary heap writes and remote code execution whengit shellis exposed and the directory$HOME/git-shell-commandsexists.] - CVE-2022-39260: [An overly-long command string given to
git shellcan result in overflow insplit_cmdline(), leading to arbitrary heap writes and remote code execution whengit shellis exposed and the directory$HOME/git-shell-commandsexists.] - CVE-2022-39253: [When relying on the
--localclone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies) of the dereferenced link in the destination repository. This can lead to surprising behavior where arbitrary files are present in a repository's$GIT_DIRwhen cloning from a malicious repository.]
USN-5570-2 USN-5570-2: zlib vulnerability:
- CVE-2022-37434: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
-ii git 1:2.34.1-1ubuntu1.4 amd64 fast, scalable, distributed revision control system
-ii git-man 1:2.34.1-1ubuntu1.4 all fast, scalable, distributed revision control system (manual pages)
+ii git 1:2.34.1-1ubuntu1.5 amd64 fast, scalable, distributed revision control system
+ii git-man 1:2.34.1-1ubuntu1.5 all fast, scalable, distributed revision control system (manual pages)
-ii libperl5.34:amd64 5.34.0-3ubuntu1 amd64 shared Perl library
+ii libperl5.34:amd64 5.34.0-3ubuntu1.1 amd64 shared Perl library
-ii linux-libc-dev:amd64 5.15.0-50.56 amd64 Linux Kernel Headers for development
+ii linux-libc-dev:amd64 5.15.0-52.58 amd64 Linux Kernel Headers for development
-ii perl 5.34.0-3ubuntu1 amd64 Larry Wall's Practical Extraction and Report Language
-ii perl-base 5.34.0-3ubuntu1 amd64 minimal Perl system
-ii perl-modules-5.34 5.34.0-3ubuntu1 all Core Perl modules
+ii perl 5.34.0-3ubuntu1.1 amd64 Larry Wall's Practical Extraction and Report Language
+ii perl-base 5.34.0-3ubuntu1.1 amd64 minimal Perl system
+ii perl-modules-5.34 5.34.0-3ubuntu1.1 all Core Perl modules
-ii sudo 1.9.9-1ubuntu2 amd64 Provide limited super user privileges to specific users
+ii sudo 1.9.9-1ubuntu2.1 amd64 Provide limited super user privileges to specific users
-ii zlib1g:amd64 1:1.2.11.dfsg-2ubuntu9.1 amd64 compression library - runtime
-ii zlib1g-dev:amd64 1:1.2.11.dfsg-2ubuntu9.1 amd64 compression library - development
+ii zlib1g:amd64 1:1.2.11.dfsg-2ubuntu9.2 amd64 compression library - runtime
+ii zlib1g-dev:amd64 1:1.2.11.dfsg-2ubuntu9.2 amd64 compression library - development
0.34.0
Notably, this release addresses:
USN-5673-1 USN-5673-1: unzip vulnerabilities:
- CVE-2021-4217: A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
- CVE-2022-0530: A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
- CVE-2022-0529: A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
- CVE-2021-4217: A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
- CVE-2022-0530: A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
- https://launchpad.net/bugs/1957077: SIGSEGV during processing of unicode string
-ii linux-libc-dev:amd64 5.15.0-48.54 amd64 Linux Kernel Headers for development
+ii linux-libc-dev:amd64 5.15.0-50.56 amd64 Linux Kernel Headers for development
-ii unzip 6.0-26ubuntu3 amd64 De-archiver for .zip files
+ii unzip 6.0-26ubuntu3.1 amd64 De-archiver for .zip files
0.33.0
Notably, this release addresses:
USN-5658-1 USN-5658-1: DHCP vulnerabilities:
- CVE-2022-2928: An option refcount overflow exists in dhcpd
- CVE-2022-2929: DHCP memory leak
- CVE-2022-2929: DHCP memory leak
- CVE-2022-2928: An option refcount overflow exists in dhcpd
-ii apt 2.4.7 amd64 commandline package manager
-ii apt-utils 2.4.7 amd64 package management related utility programs
+ii apt 2.4.8 amd64 commandline package manager
+ii apt-utils 2.4.8 amd64 package management related utility programs
-ii isc-dhcp-client 4.4.1-2.3ubuntu2.2 amd64 DHCP client for automatically obtaining an IP address
+ii isc-dhcp-client 4.4.1-2.3ubuntu2.3 amd64 DHCP client for automatically obtaining an IP address
-ii libapt-pkg6.0:amd64 2.4.7 amd64 package management runtime library
+ii libapt-pkg6.0:amd64 2.4.8 amd64 package management runtime library
-ii ubuntu-advantage-tools 27.10.1~22.04.1 amd64 management tools for Ubuntu Advantage
+ii ubuntu-advantage-tools 27.11.2~22.04.1 amd64 management tools for Ubuntu Advantage