Releases: cloudfoundry/bosh-linux-stemcell-builder

ubuntu noble v1.238

13 Feb 05:46

Metadata:

BOSH Agent Version: 2.813.0
Kernel Version: 6.8.0-100.100

USNs:

Title: USN-8018-1 -- Python vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8018-1
Priorities: medium
Description:
Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and python3.14 packages. (CVE-2025-11468) Jacob Walls, Shai Berger, and Natalia Bidart discovered that Python inefficiently parsed XML input with quadratic complexity. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-12084) It was discovered that Python incorrectly parsed malicious plist files. An attacker could possibly use this issue to cause Python to use excessive resources, leading to a denial of service. This issue only affected python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and python3.14 packages. (CVE-2025-13837) Omar Hasan discovered that Python incorrectly parsed URL mediatypes. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2025-15282) Omar Hasan discovered that Python incorrectly parsed malicious IMAP inputs. An attacker could possibly use this issue to inject arbitrary IMAP commands. (CVE-2025-15366) Omar Hasan discovered that Python incorrectly parsed malicious POP3 inputs. An attacker could possibly use this issue to inject arbitrary POP3 commands. (CVE-2025-15367) Omar Hasan discovered that Python incorrectly parsed malicious HTTP cookie headers. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-0672) Omar Hasan discovered that Python incorrectly parsed malicious HTTP header names and values. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-0865) Update Instructions: Run sudo pro fix USN-8018-1 to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: idle-python3.12 - 3.12.3-1ubuntu0.11 libpython3.12-dev - 3.12.3-1ubuntu0.11 libpython3.12-minimal - 3.12.3-1ubuntu0.11 libpython3.12-stdlib - 3.12.3-1ubuntu0.11 libpython3.12-testsuite - 3.12.3-1ubuntu0.11 libpython3.12t64 - 3.12.3-1ubuntu0.11 python3.12 - 3.12.3-1ubuntu0.11 python3.12-dev - 3.12.3-1ubuntu0.11 python3.12-doc - 3.12.3-1ubuntu0.11 python3.12-examples - 3.12.3-1ubuntu0.11 python3.12-full - 3.12.3-1ubuntu0.11 python3.12-minimal - 3.12.3-1ubuntu0.11 python3.12-nopie - 3.12.3-1ubuntu0.11 python3.12-venv - 3.12.3-1ubuntu0.11 No subscription required
CVEs:

Title: USN-8028-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8028-1
Priorities: high,low,medium
Description:
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PA-RISC architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - Compute Acceleration Framework; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - ATM drivers; - Drivers core; - ATA over ethernet (AOE) driver; - DRBD Distributed Replicated Block Device drivers; - Network block device driver; - Ublk userspace block driver; - Bluetooth drivers; - Bus devices; - Character device driver; - TPM device driver; - Clock framework and drivers; - Data acquisition framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - Device frequency scaling framework; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - EDAC drivers; - Arm Firmware Framework for ARMv8-A(FFA); - ARM SCMI message protocol; - FPGA Framework; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - HW tracing; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Input Device (Miscellaneous) drivers; - IOMMU subsystem; - IRQ chip drivers; - MCB driver; - Multiple devices driver; - Media drivers; - 
Multifunction device drivers; - Microchip PCI driver; - Intel Management Engine Interface driver; - PCI Endpoint Test driver; - TI TPS6594 PFSM driver; - VMware VMCI Driver; - MMC subsystem; - MTD block device drivers; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - PCI subsystem; - Amlogic Meson DDR PMU; - PHY drivers; - Pin controllers subsystem; - x86 platform drivers; - Power supply drivers; - Powercap sysfs driver; - PTP clock framework; - PWM drivers; - RapidIO drivers; - Voltage and Current Regulator drivers; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - ASPEED SoC drivers; - QCOM SoC drivers; - Samsung SoC drivers; - SPI subsystem; - small TFT LCD display modules; - Media staging drivers; - TCM subsystem; - Trusted Execution Environment drivers; - Thunderbolt and USB4 drivers; - TTY drivers; - UFS subsystem; - Cadence USB3 driver; - ChipIdea USB driver; - USB Device Class drivers; - USB core drivers; - DesignWare USB3 driver; - USB Gadget drivers; - USB Host Controller drivers; - Renesas USBHS Controller drivers; - USB Type-C support driver; - USB Type-C Connector System Software Interface driver; - VFIO drivers; - Virtio Host (VHOST) subsystem; - Backlight driver; - Framebuffer layer; - TSM Common Guest driver; - Virtio drivers; - Xen hypervisor drivers; - File systems infrastructure; - BTRFS file system; - Ceph distributed file system; - EFI Variable file system; - Ext4 file system; - F2FS file system; - GFS2 file system; - JFFS2 file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - NTFS3 file system; - Overlay file system; - Proc file system; - SMB network file system; - DRM display driver; - Asynchronous Transfer Mode (ATM) subsystem; - BPF subsystem; - Memory Management; - Internal shared memory driver; - LZO compression library; - Mellanox drivers; - 
padata parallel execution mechanism; - Networking subsystem; - Bluetooth subsystem; - Netfilter; - Network traffic control; - SCTP protocol; - Network sockets; - UDP network protocol; - eXpress Data Path; - XFRM subsystem; - Digital Audio (PCM) driver; - Universal MIDI packet (UMP) support module; - Tracing infrastructure; - User-space API (UAPI); - io_uring subsystem; - IPC subsystem; - Perf events; - Kernel exit() syscall; - IRQ subsystem; - Padata parallel execution mechanism; - Kernel command line parsing driver; - Hibernation control; - RCU subsystem; - Restartable sequences system call mechanism; - Maple Tree data structure library; - Memory management; - KASAN memory debugging framework; - 802.1Q VLAN protocol; - 9P file system network protocol; - Appletalk network protocol; - Ethernet bridge; - CAN network layer; - Networking core; - Distributed Switch Architecture; - HSR network protocol; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Management Component Transport Protocol (MCTP); - MultiProtocol Label Switching driver; - Multipath TCP; - NetLabel subsystem; - Netlink; - NFC subsystem; - Open vSwitch; - RDS protocol; - Rose network layer; - RxRPC session sockets; - SMC sockets; - Sun RPC protocol; - TIPC protocol; - TLS protocol; - Unix domain sockets; - VMware vSockets driver; - Wireless networking; - ALSA framework; - WCD audio codecs; - Intel ASoC drivers; - MediaTek ASoC drivers; - QCOM ASoC drivers; - SoC audio core drivers; - USB sound devices; - Virtio sound driver; - CPU Power monitoring subsystem; - KVM subsystem; (CVE-2025-21884, CVE-2025-21931, CVE-2025-22026, CVE-2025-22101, CVE-2025-22102, CVE-2025-22115, CVE-2025-22120, CVE-2025-22126, CVE-2025-22128, CVE-2025-23140, CVE-2025-23141, CVE-2025-23142, CVE-2025-23144, CVE-2025-23145, CVE-2025-23146, CVE-2025-23147, CVE-2025-23148, CVE-2025-23149, CVE-2025-23150, CVE-2025-23151, CVE-2025-23155, CVE-2025-23156, CVE-2025-23157, CVE-2025-23158, CVE-2025-23159, CVE-2025-23160, 
CVE-2025-23161, CVE-2025-23163, CVE-2025-37738, CVE-2025-37739, CVE-2025-37740, CVE-2025-37741, CVE-2025-37742, CVE-2025-37744, CVE-2025-37745, CVE-2025-37748, CVE-2025-37749, CVE-2025-37754, CVE-2025-37755, CVE-2025-37757, CVE-2025-37758, CVE-2025-37759, CVE-2025-37761, CVE-2025-37763, CVE-2025-37764, CVE-2025-37765, CVE-2025-37766, CVE-2025-37767, CVE-2025-37768, CVE-2025-37769, CVE-2025-37770, CVE-2025-37771, CVE-2025-37772, CVE-2025-37773, CVE-2025-37775, CVE-2025-37777, CVE-2025-37778, CVE-2025-37780, CVE-2025-37781, CVE-2025-37784, CVE-2025-37786, CVE-2025-37787, CVE-2025-37788, CVE-2025-37789, CVE-2025-37790, CVE-2025-37792, CVE-2025-37793, CVE-2025-37794, CVE-2025-37796, CVE-2025-37799, CVE-2025-378...

ubuntu jammy v1.1065

13 Feb 05:27

Metadata:

BOSH Agent Version: 2.813.0
Kernel Version: 5.15.0.170.159

USNs:

Title: USN-8018-1 -- Python vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8018-1
Priorities: medium
Description:
Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and python3.14 packages. (CVE-2025-11468) Jacob Walls, Shai Berger, and Natalia Bidart discovered that Python inefficiently parsed XML input with quadratic complexity. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-12084) It was discovered that Python incorrectly parsed malicious plist files. An attacker could possibly use this issue to cause Python to use excessive resources, leading to a denial of service. This issue only affected python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and python3.14 packages. (CVE-2025-13837) Omar Hasan discovered that Python incorrectly parsed URL mediatypes. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2025-15282) Omar Hasan discovered that Python incorrectly parsed malicious IMAP inputs. An attacker could possibly use this issue to inject arbitrary IMAP commands. (CVE-2025-15366) Omar Hasan discovered that Python incorrectly parsed malicious POP3 inputs. An attacker could possibly use this issue to inject arbitrary POP3 commands. (CVE-2025-15367) Omar Hasan discovered that Python incorrectly parsed malicious HTTP cookie headers. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-0672) Omar Hasan discovered that Python incorrectly parsed malicious HTTP header names and values. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-0865) Update Instructions: Run sudo pro fix USN-8018-1 to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: idle-python3.10 - 3.10.12-122.04.14 libpython3.10 - 3.10.12-122.04.14 libpython3.10-dev - 3.10.12-122.04.14 libpython3.10-minimal - 3.10.12-122.04.14 libpython3.10-stdlib - 3.10.12-122.04.14 libpython3.10-testsuite - 3.10.12-122.04.14 python3.10 - 3.10.12-122.04.14 python3.10-dev - 3.10.12-122.04.14 python3.10-doc - 3.10.12-122.04.14 python3.10-examples - 3.10.12-122.04.14 python3.10-full - 3.10.12-122.04.14 python3.10-minimal - 3.10.12-122.04.14 python3.10-nopie - 3.10.12-122.04.14 python3.10-venv - 3.10.12-122.04.14 No subscription required idle-python3.11 - 3.11.0rc1-122.04.1esm8 libpython3.11 - 3.11.0rc1-122.04.1esm8 libpython3.11-dev - 3.11.0rc1-122.04.1esm8 libpython3.11-minimal - 3.11.0rc1-122.04.1esm8 libpython3.11-stdlib - 3.11.0rc1-122.04.1esm8 libpython3.11-testsuite - 3.11.0rc1-122.04.1esm8 python3.11 - 3.11.0rc1-122.04.1esm8 python3.11-dev - 3.11.0rc1-122.04.1esm8 python3.11-doc - 3.11.0rc1-122.04.1esm8 python3.11-examples - 3.11.0rc1-122.04.1esm8 python3.11-full - 3.11.0rc1-122.04.1esm8 python3.11-minimal - 3.11.0rc1-122.04.1esm8 python3.11-nopie - 3.11.0rc1-122.04.1esm8 python3.11-venv - 3.11.0rc1-122.04.1esm8 No subscription required
CVEs:

Title: USN-8022-1 -- Expat vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8022-1
Priorities: medium
Description:
It was discovered that Expat incorrectly handled memory when parsing certain XML files. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. (CVE-2025-59375) It was discovered that Expat incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-24515) It was discovered that Expat incorrectly handled integer calculations when allocating memory for XML tags. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-25210) Update Instructions: Run sudo pro fix USN-8022-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: expat - 2.4.7-1ubuntu0.7 libexpat1 - 2.4.7-1ubuntu0.7 libexpat1-dev - 2.4.7-1ubuntu0.7 No subscription required
CVEs:

Full Changelog: ubuntu-jammy/v1.1044...ubuntu-jammy/v1.1065

ubuntu noble v1.215

06 Feb 21:49

Metadata:

BOSH Agent Version: 2.799.0
Kernel Version: 6.8.0-90.91

Full Changelog: ubuntu-noble/v1.204...ubuntu-noble/v1.215

USNs:

Title: USN-7980-1 -- OpenSSL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7980-1
Priorities: low,medium
Description:
Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11187) Stanislav Fort discovered that OpenSSL incorrectly parsed CMS AuthEnvelopedData messages. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467) Stanislav Fort discovered that OpenSSL incorrectly handled memory in the SSL_CIPHER_find() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-15468) Stanislav Fort discovered that the OpenSSL "openssl dgst" command line tool incorrectly truncated data to 16MB. An attacker could possibly use this issue to hide unauthenticated data beyond the 16MB limit. This issue only affected Ubuntu 25.10. (CVE-2025-15469) Tomas Dulka and Stanislav Fort discovered that OpenSSL incorrectly handled memory with TLS 1.3 connections using certificate compression. An attacker could possibly use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-66199) Petr Simecek and Stanislav Fort discovered that OpenSSL incorrectly handled memory when writing large data into a BIO chain. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2025-68160) Stanislav Fort discovered that the OpenSSL OCB API could incorrectly leave final partial blocks unencrypted and unauthenticated. An attacker could possibly use this issue to read or tamper with the affected final bytes. (CVE-2025-69418) Stanislav Fort discovered that OpenSSL incorrectly handled the PKCS12_get_friendlyname() utf-8 conversion. 
An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69419) Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the TS_RESP_verify_response() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69420) Luigino Camastra discovered that OpenSSL incorrectly handled memory in the PKCS12_item_decrypt_d2i_ex function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69421) Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in PKCS#12 parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22795) Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the PKCS7_digest_from_attributes() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22796) Update Instructions: Run sudo pro fix USN-7980-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 3.0.13-0ubuntu3.7 libssl-doc - 3.0.13-0ubuntu3.7 libssl3t64 - 3.0.13-0ubuntu3.7 openssl - 3.0.13-0ubuntu3.7 No subscription required
CVEs:

Title: USN-8005-1 -- GNU C Library vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8005-1
Priorities: medium
Description:
Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when WRDE_REUSE is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. (CVE-2025-15281) Anastasia Belova discovered that the GNU C Library incorrectly handled the regcomp function when memory allocation failures occurred. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-8058) Igor Morgenstern discovered that the GNU C Library incorrectly handled the memalign function when doing memory allocation. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-0861) Igor Morgenstern discovered that the GNU C Library incorrectly handled certain DNS backend when queries for a zero-valued network. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-0915) Update Instructions: Run sudo pro fix USN-8005-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glibc-doc - 2.39-0ubuntu8.7 glibc-source - 2.39-0ubuntu8.7 libc-bin - 2.39-0ubuntu8.7 libc-dev-bin - 2.39-0ubuntu8.7 libc-devtools - 2.39-0ubuntu8.7 libc6 - 2.39-0ubuntu8.7 libc6-amd64 - 2.39-0ubuntu8.7 libc6-dev - 2.39-0ubuntu8.7 libc6-dev-amd64 - 2.39-0ubuntu8.7 libc6-dev-i386 - 2.39-0ubuntu8.7 libc6-dev-s390 - 2.39-0ubuntu8.7 libc6-dev-x32 - 2.39-0ubuntu8.7 libc6-i386 - 2.39-0ubuntu8.7 libc6-s390 - 2.39-0ubuntu8.7 libc6-x32 - 2.39-0ubuntu8.7 locales - 2.39-0ubuntu8.7 locales-all - 2.39-0ubuntu8.7 nscd - 2.39-0ubuntu8.7 No subscription required
CVEs:

Title: USN-8015-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8015-1
Priorities: high,medium
Description:
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019) Update Instructions: Run sudo pro fix USN-8015-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-6.8.0-1029-gkeop - 6.8.0-1029.32 linux-cloud-tools-6.8.0-1029-gkeop - 6.8.0-1029.32 linux-cloud-tools-gkeop - 6.8.0-1029.32 linux-cloud-tools-gkeop-6.8 - 6.8.0-1029.32 linux-gkeop - 6.8.0-1029.32 linux-gkeop-6.8 - 6.8.0-1029.32 linux-gkeop-cloud-tools-6.8.0-1029 - 6.8.0-1029.32 linux-gkeop-headers-6.8.0-1029 - 6.8.0-1029.32 linux-gkeop-tools-6.8.0-1029 - 6.8.0-1029.32 linux-headers-6.8.0-1029-gkeop - 6.8.0-1029.32 linux-headers-gkeop - 6.8.0-1029.32 linux-headers-gkeop-6.8 - 6.8.0-1029.32 linux-image-6.8.0-1029-gkeop - 6.8.0-1029.32 linux-image-gkeop - 6.8.0-1029.32 linux-image-gkeop-6.8 - 6.8.0-1029.32 linux-image-unsigned-6.8.0-1029-gkeop - 6.8.0-1029.32 linux-modules-6.8.0-1029-gkeop - 6.8.0-1029.32 linux-modules-extra-6.8.0-1029-gkeop - 6.8.0-1029.32 linux-modules-extra-gkeop - 6.8.0-1029.32 linux-modules-extra-gkeop-6.8 - 6.8.0-1029.32 linux-tools-6.8.0-1029-gkeop - 6.8.0-1029.32 linux-tools-gkeop - 6.8.0-1029.32 linux-tools-gkeop-6.8 - 6.8.0-1029.32 No subscription required linux-buildinfo-6.8.0-1042-oracle - 6.8.0-1042.43 linux-buildinfo-6.8.0-1042-oracle-64k - 6.8.0-1042.43 linux-headers-6.8.0-1042-oracle - 6.8.0-1042.43 linux-headers-6.8.0-1042-oracle-64k - 6.8.0-1042.43 linux-headers-oracle-6.8 - 6.8.0-1042.43 linux-headers-oracle-64k-6.8 - 6.8.0-1042.43 linux-headers-oracle-64k-lts-24.04 - 6.8.0-1042.43 linux-headers-oracle-lts-24.04 - 6.8.0-1042.43 linux-image-6.8.0-1042-oracle - 6.8.0-1042.43 linux-image-6.8.0-1042-oracle-64k - 6.8.0-1042.43 linux-image-oracle-6.8 - 6.8.0-1042.43 
linux-image-oracle-64k-6.8 - 6.8.0-1042.43 linux-image-oracle-64k-lts-24.04 - 6.8.0-1042.43 linux-image-oracle-lts-24.04 - 6.8.0-1042.43 linux-image-unsigned-6.8.0-1042-oracle - 6.8.0-1042.43 linux-image-unsigned-6.8.0-1042-oracle-64k - 6.8.0-1042.43 linux-modules-6.8.0-1042-oracle - 6.8.0-1042.43 linux-modules-6.8.0-1042-oracle-64k - 6.8.0-1042.43 linux-modules-extra-6.8.0-1042-oracle - 6.8.0-1042.43 linux-modules-extra-6.8.0-1042-oracle-64k - 6.8.0-1042.43 linux-oracle-6.8 - 6.8.0-1042.43 linux-oracle-64k-6.8 - 6.8.0-1042.43 linux-oracle-64k-lts-24.04 - 6.8.0-1042.43 linux-oracle-headers-6.8.0-1042 - 6.8.0-1042.43 linux-oracle-lts-24.04 - 6.8.0-1042.43 linux-oracle-tools-6.8.0-1042 - 6.8.0-1042.43 linux-tools-6.8.0-1042-oracle - 6.8.0-1042.43 linux-tools-6.8.0-1042-oracle-64k - 6.8.0-1042.43 linux-tools-oracle-6.8 - 6.8.0-1042.43 linux-tools-oracle-64k-6.8 - 6.8.0-1042.43 linux-tools-oracle-64k-lts-24.04 - 6.8.0-1042.43 linux-tools-oracle-lts-24.04 - 6.8.0-1042.43 No subscription required linux-buildinfo-6.8.0-1042-gke - 6.8.0-1042.47 linux-buildinfo-6.8.0-1042-gke-64k - 6.8.0-1042.47 linux-gke - 6.8.0-1042.47 linux-gke-6.8 - 6.8.0-1042.47 linux-gke-64k - 6.8.0-1042.47 linux-gke-64k-6.8 - 6.8.0-1042.47 linux-gke-headers-6.8.0-1042 - 6.8.0-1042.47 linux-gke-too...

ubuntu jammy v1.1044

06 Feb 21:50

Metadata:

BOSH Agent Version: 2.799.0
Kernel Version: 5.15.0.168.159

Full Changelog: ubuntu-jammy/v1.1033...ubuntu-jammy/v1.1044

USNs:

Title: USN-7980-1 -- OpenSSL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7980-1
Priorities: low,medium
Description:
Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11187) Stanislav Fort discovered that OpenSSL incorrectly parsed CMS AuthEnvelopedData messages. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467) Stanislav Fort discovered that OpenSSL incorrectly handled memory in the SSL_CIPHER_find() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-15468) Stanislav Fort discovered that the OpenSSL "openssl dgst" command line tool incorrectly truncated data to 16MB. An attacker could possibly use this issue to hide unauthenticated data beyond the 16MB limit. This issue only affected Ubuntu 25.10. (CVE-2025-15469) Tomas Dulka and Stanislav Fort discovered that OpenSSL incorrectly handled memory with TLS 1.3 connections using certificate compression. An attacker could possibly use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-66199) Petr Simecek and Stanislav Fort discovered that OpenSSL incorrectly handled memory when writing large data into a BIO chain. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2025-68160) Stanislav Fort discovered that the OpenSSL OCB API could incorrectly leave final partial blocks unencrypted and unauthenticated. An attacker could possibly use this issue to read or tamper with the affected final bytes. (CVE-2025-69418) Stanislav Fort discovered that OpenSSL incorrectly handled the PKCS12_get_friendlyname() utf-8 conversion. 
An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69419) Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the TS_RESP_verify_response() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69420) Luigino Camastra discovered that OpenSSL incorrectly handled memory in the PKCS12_item_decrypt_d2i_ex function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69421) Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in PKCS#12 parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22795) Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in the PKCS7_digest_from_attributes() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22796) Update Instructions: Run sudo pro fix USN-7980-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 3.0.2-0ubuntu1.21 libssl-doc - 3.0.2-0ubuntu1.21 libssl3 - 3.0.2-0ubuntu1.21 openssl - 3.0.2-0ubuntu1.21 No subscription required
CVEs:

Title: USN-8005-1 -- GNU C Library vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8005-1
Priorities: medium
Description:
Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when WRDE_REUSE is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. (CVE-2025-15281) Anastasia Belova discovered that the GNU C Library incorrectly handled the regcomp function when memory allocation failures occurred. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-8058) Igor Morgenstern discovered that the GNU C Library incorrectly handled the memalign function when doing memory allocation. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-0861) Igor Morgenstern discovered that the GNU C Library incorrectly handled certain DNS backend when queries for a zero-valued network. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-0915) Update Instructions: Run sudo pro fix USN-8005-1 to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: glibc-doc - 2.35-0ubuntu3.13 glibc-source - 2.35-0ubuntu3.13 libc-bin - 2.35-0ubuntu3.13 libc-dev-bin - 2.35-0ubuntu3.13 libc-devtools - 2.35-0ubuntu3.13 libc6 - 2.35-0ubuntu3.13 libc6-amd64 - 2.35-0ubuntu3.13 libc6-dev - 2.35-0ubuntu3.13 libc6-dev-amd64 - 2.35-0ubuntu3.13 libc6-dev-i386 - 2.35-0ubuntu3.13 libc6-dev-s390 - 2.35-0ubuntu3.13 libc6-dev-x32 - 2.35-0ubuntu3.13 libc6-i386 - 2.35-0ubuntu3.13 libc6-prof - 2.35-0ubuntu3.13 libc6-s390 - 2.35-0ubuntu3.13 libc6-x32 - 2.35-0ubuntu3.13 locales - 2.35-0ubuntu3.13 locales-all - 2.35-0ubuntu3.13 nscd - 2.35-0ubuntu3.13 No subscription required
CVEs:

Title: USN-8013-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8013-1
Priorities: high,medium
Description:
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; (CVE-2025-38561, CVE-2025-40019) Update Instructions: Run sudo pro fix USN-8013-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.15.0-1051-nvidia-tegra - 5.15.0-1051.51 linux-buildinfo-5.15.0-1051-nvidia-tegra-rt - 5.15.0-1051.51 linux-headers-5.15.0-1051-nvidia-tegra - 5.15.0-1051.51 linux-headers-5.15.0-1051-nvidia-tegra-rt - 5.15.0-1051.51 linux-image-5.15.0-1051-nvidia-tegra - 5.15.0-1051.51 linux-image-5.15.0-1051-nvidia-tegra-rt - 5.15.0-1051.51 linux-image-unsigned-5.15.0-1051-nvidia-tegra - 5.15.0-1051.51 linux-image-unsigned-5.15.0-1051-nvidia-tegra-rt - 5.15.0-1051.51 linux-modules-5.15.0-1051-nvidia-tegra - 5.15.0-1051.51 linux-modules-5.15.0-1051-nvidia-tegra-rt - 5.15.0-1051.51 linux-modules-extra-5.15.0-1051-nvidia-tegra - 5.15.0-1051.51 linux-nvidia-tegra-headers-5.15.0-1051 - 5.15.0-1051.51 linux-nvidia-tegra-tools-5.15.0-1051 - 5.15.0-1051.51 linux-tools-5.15.0-1051-nvidia-tegra - 5.15.0-1051.51 linux-tools-5.15.0-1051-nvidia-tegra-rt - 5.15.0-1051.51 No subscription required linux-buildinfo-5.15.0-1082-gkeop - 5.15.0-1082.90 linux-cloud-tools-5.15.0-1082-gkeop - 5.15.0-1082.90 linux-gkeop-cloud-tools-5.15.0-1082 - 5.15.0-1082.90 linux-gkeop-headers-5.15.0-1082 - 5.15.0-1082.90 linux-gkeop-tools-5.15.0-1082 - 5.15.0-1082.90 linux-headers-5.15.0-1082-gkeop - 5.15.0-1082.90 linux-image-5.15.0-1082-gkeop - 5.15.0-1082.90 linux-image-unsigned-5.15.0-1082-gkeop - 5.15.0-1082.90 linux-modules-5.15.0-1082-gkeop - 5.15.0-1082.90 linux-modules-extra-5.15.0-1082-gkeop - 5.15.0-1082.90 linux-tools-5.15.0-1082-gkeop - 5.15.0-1082.90 No subscription required linux-buildinfo-5.15.0-1091-kvm - 5.15.0-1091.96 linux-headers-5.15.0-1091-kvm - 5.15.0-1091.96 
linux-image-5.15.0-1091-kvm - 5.15.0-1091.96 linux-image-unsigned-5.15.0-1091-kvm - 5.15.0-1091.96 linux-kvm-headers-5.15.0-1091 - 5.15.0-1091.96 linux-kvm-tools-5.15.0-1091 - 5.15.0-1091.96 linux-modules-5.15.0-1091-kvm - 5.15.0-1091.96 linux-tools-5.15.0-1091-kvm - 5.15.0-1091.96 No subscription required linux-buildinfo-5.15.0-1093-ibm - 5.15.0-1093.96 linux-buildinfo-5.15.0-1093-raspi - 5.15.0-1093.96 linux-headers-5.15.0-1093-ibm - 5.15.0-1093.96 linux-headers-5.15.0-1093-raspi - 5.15.0-1093.96 linux-ibm-cloud-tools-common - 5.15.0-1093.96 linux-ibm-headers-5.15.0-1093 - 5.15.0-1093.96 linux-ibm-source-5.15.0 - 5.15.0-1093.96 linux-ibm-tools-5.15.0-1093 - 5.15.0-1093.96 linux-ibm-tools-common - 5.15.0-1093.96 linux-image-5.15.0-1093-ibm - 5.15.0-1093.96 linux-image-5.15.0-1093-raspi - 5.15.0-1093.96 linux-image-unsigned-5.15.0-1093-ibm - 5.15.0-1093.96 linux-modules-5.15.0-1093-ibm - 5.15.0-1093.96 linux-modules-5.15.0-1093-raspi - 5.15.0-1093.96 linux-modules-extra-5.15.0-1093-ibm - 5.15.0-1093.96 linux-modules-extra-5.15.0-1093-raspi - 5.15.0-1093.96 linux-raspi-headers-5.15.0-1093 - 5.15.0-1093.96 linux-raspi-tools-5.15.0-1093 - 5.15.0-1093.96 linux-tools-5.15.0-1093-ibm - 5.15.0-1093.96 linux-tools-5.15...

ubuntu jammy v1.1033

29 Jan 22:56

Metadata:

BOSH Agent Version: 2.799.0
Kernel Version: 5.15.0.164.159

USNs:

What's Changed

  • Added a vSphere guestinfo settings source that pulls BOSH Agent settings from VMware RPC, but falls back to CDROM if guestinfo settings are not available.

Full Changelog: ubuntu-jammy/v1.1028...ubuntu-jammy/v1.1033

ubuntu noble v1.204

29 Jan 22:58

Metadata:

BOSH Agent Version: 2.799.0
Kernel Version: 6.8.0-90.91

What's Changed

  • Added a vSphere guestinfo settings source that pulls BOSH Agent settings from VMware RPC, but falls back to CDROM if guestinfo settings are not available.

Full Changelog: ubuntu-noble/v1.199...ubuntu-noble/v1.204

USNs:

Title: USN-7971-1 -- GLib vulnerability
URL: https://ubuntu.com/security/notices/USN-7971-1
Priorities: medium
Description:
It was discovered that GLib incorrectly handled the buffered input stream API. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run sudo pro fix USN-7971-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-girepository-3.0 - 2.80.0-6ubuntu3.7 gir1.2-girepository-3.0-dev - 2.80.0-6ubuntu3.7 gir1.2-glib-2.0 - 2.80.0-6ubuntu3.7 gir1.2-glib-2.0-dev - 2.80.0-6ubuntu3.7 libgirepository-2.0-0 - 2.80.0-6ubuntu3.7 libgirepository-2.0-dev - 2.80.0-6ubuntu3.7 libglib2.0-0t64 - 2.80.0-6ubuntu3.7 libglib2.0-bin - 2.80.0-6ubuntu3.7 libglib2.0-data - 2.80.0-6ubuntu3.7 libglib2.0-dev - 2.80.0-6ubuntu3.7 libglib2.0-dev-bin - 2.80.0-6ubuntu3.7 libglib2.0-doc - 2.80.0-6ubuntu3.7 libglib2.0-tests - 2.80.0-6ubuntu3.7 No subscription required
CVEs:

Title: USN-7974-1 -- libxml2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7974-1
Priorities: low,medium
Description:
It was discovered that libxml2 incorrectly handled maliciously crafted SGML catalog files. An attacker could possibly use this issue to cause libxml2 to consume excessive resources, leading to a denial of service. (CVE-2025-8732) It was discovered that libxml2 incorrectly handled recursive include directories with the RelaxNG parser. An attacker could possibly use this issue to cause libxml2 to consume excessive resources, leading to a denial of service. (CVE-2026-0989) Nick Wellnhofer discovered that libxml2 incorrectly parsed catalogs with self-referencing URI delegates. An attacker could possibly use this issue to cause libxml2 to consume excessive resources, leading to a denial of service. (CVE-2026-0990) Nick Wellnhofer discovered that libxml2 inefficiently parsed catalogs linked with repeating nextCatalog elements. An attacker could possibly use this issue to cause libxml2 to use excessive resources, leading to a denial of service. (CVE-2026-0992) Update Instructions: Run sudo pro fix USN-7974-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.14+dfsg-1.3ubuntu3.7 libxml2-dev - 2.9.14+dfsg-1.3ubuntu3.7 libxml2-doc - 2.9.14+dfsg-1.3ubuntu3.7 libxml2-utils - 2.9.14+dfsg-1.3ubuntu3.7 python3-libxml2 - 2.9.14+dfsg-1.3ubuntu3.7 No subscription required
CVEs:

ubuntu noble v1.199

23 Jan 22:58

Metadata:

BOSH Agent Version: 2.799.0
Kernel Version: 6.8.0-90.91

What Changed?

Full Changelog: ubuntu-noble/v1.189...ubuntu-noble/v1.199

USNs:

Title: USN-7951-1 -- Python vulnerability
URL: https://ubuntu.com/security/notices/USN-7951-1
Priorities: medium
Description:
It was discovered that Python's http.client did not properly handle the Content-Length header in HTTP responses. A malicious server could exploit this to cause Python to allocate excessive memory, leading to a denial of service. Update Instructions: Run sudo pro fix USN-7951-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idle-python3.12 - 3.12.3-1ubuntu0.10 libpython3.12-dev - 3.12.3-1ubuntu0.10 libpython3.12-minimal - 3.12.3-1ubuntu0.10 libpython3.12-stdlib - 3.12.3-1ubuntu0.10 libpython3.12-testsuite - 3.12.3-1ubuntu0.10 libpython3.12t64 - 3.12.3-1ubuntu0.10 python3.12 - 3.12.3-1ubuntu0.10 python3.12-dev - 3.12.3-1ubuntu0.10 python3.12-doc - 3.12.3-1ubuntu0.10 python3.12-examples - 3.12.3-1ubuntu0.10 python3.12-full - 3.12.3-1ubuntu0.10 python3.12-minimal - 3.12.3-1ubuntu0.10 python3.12-nopie - 3.12.3-1ubuntu0.10 python3.12-venv - 3.12.3-1ubuntu0.10 No subscription required
CVEs:

Title: USN-7954-1 -- Libtasn1 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7954-1
Priorities: low,medium
Description:
It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. (CVE-2025-13151) It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-46848) Update Instructions: Run sudo pro fix USN-7954-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6 - 4.19.0-3ubuntu0.24.04.2 libtasn1-6-dev - 4.19.0-3ubuntu0.24.04.2 libtasn1-bin - 4.19.0-3ubuntu0.24.04.2 libtasn1-doc - 4.19.0-3ubuntu0.24.04.2 No subscription required
CVEs:

Title: USN-7959-1 -- klibc vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7959-1
Priorities: low
Description:
It was discovered that zlib, vendored in klibc, did not properly handle integer arithmetic. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Update Instructions: Run sudo pro fix USN-7959-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: klibc-utils - 2.0.13-4ubuntu0.2 libklibc - 2.0.13-4ubuntu0.2 libklibc-dev - 2.0.13-4ubuntu0.2 No subscription required
CVEs:

Title: USN-7963-1 -- libpng vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7963-1
Priorities: medium
Description:
It was discovered that the libpng simplified API incorrectly processed palette PNG images with partial transparency and gamma correction. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-66293) Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit output format and non-minimal row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22695) Cosmin Truta discovered that the libpng simplified API incorrectly handled invalid row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22801) Update Instructions: Run sudo pro fix USN-7963-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng-dev - 1.6.43-5ubuntu0.3 libpng-tools - 1.6.43-5ubuntu0.3 libpng16-16t64 - 1.6.43-5ubuntu0.3 No subscription required
CVEs:

ubuntu jammy v1.1028

23 Jan 22:59

Metadata:

BOSH Agent Version: 2.799.0
Kernel Version: 5.15.0.164.159

What Changed?

Full Changelog: ubuntu-jammy/v1.1018...ubuntu-jammy/v1.1028

USNs:

Title: USN-7951-1 -- Python vulnerability
URL: https://ubuntu.com/security/notices/USN-7951-1
Priorities: medium
Description:
It was discovered that Python's http.client did not properly handle the Content-Length header in HTTP responses. A malicious server could exploit this to cause Python to allocate excessive memory, leading to a denial of service. Update Instructions: Run sudo pro fix USN-7951-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: idle-python3.10 - 3.10.12-122.04.13 libpython3.10 - 3.10.12-122.04.13 libpython3.10-dev - 3.10.12-122.04.13 libpython3.10-minimal - 3.10.12-122.04.13 libpython3.10-stdlib - 3.10.12-122.04.13 libpython3.10-testsuite - 3.10.12-122.04.13 python3.10 - 3.10.12-122.04.13 python3.10-dev - 3.10.12-122.04.13 python3.10-doc - 3.10.12-122.04.13 python3.10-examples - 3.10.12-122.04.13 python3.10-full - 3.10.12-122.04.13 python3.10-minimal - 3.10.12-122.04.13 python3.10-nopie - 3.10.12-122.04.13 python3.10-venv - 3.10.12-122.04.13 No subscription required idle-python3.11 - 3.11.0rc1-122.04.1esm7 libpython3.11 - 3.11.0rc1-122.04.1esm7 libpython3.11-dev - 3.11.0rc1-122.04.1esm7 libpython3.11-minimal - 3.11.0rc1-122.04.1esm7 libpython3.11-stdlib - 3.11.0rc1-122.04.1esm7 libpython3.11-testsuite - 3.11.0rc1-122.04.1esm7 python3.11 - 3.11.0rc1-122.04.1esm7 python3.11-dev - 3.11.0rc1-122.04.1esm7 python3.11-doc - 3.11.0rc1-122.04.1esm7 python3.11-examples - 3.11.0rc1-122.04.1esm7 python3.11-full - 3.11.0rc1-122.04.1esm7 python3.11-minimal - 3.11.0rc1-122.04.1esm7 python3.11-nopie - 3.11.0rc1-122.04.1esm7 python3.11-venv - 3.11.0rc1-122.04.1esm7 No subscription required
CVEs:

Title: USN-7954-1 -- Libtasn1 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7954-1
Priorities: low,medium
Description:
It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. (CVE-2025-13151) It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-46848) Update Instructions: Run sudo pro fix USN-7954-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtasn1-6 - 4.18.0-4ubuntu0.2 libtasn1-6-dev - 4.18.0-4ubuntu0.2 libtasn1-bin - 4.18.0-4ubuntu0.2 libtasn1-doc - 4.18.0-4ubuntu0.2 No subscription required
CVEs:

Title: USN-7959-1 -- klibc vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7959-1
Priorities: low
Description:
It was discovered that zlib, vendored in klibc, did not properly handle integer arithmetic. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Update Instructions: Run sudo pro fix USN-7959-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: klibc-utils - 2.0.10-4ubuntu0.2 libklibc - 2.0.10-4ubuntu0.2 libklibc-dev - 2.0.10-4ubuntu0.2 No subscription required
CVEs:

Title: USN-7963-1 -- libpng vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7963-1
Priorities: medium
Description:
It was discovered that the libpng simplified API incorrectly processed palette PNG images with partial transparency and gamma correction. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-66293) Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit output format and non-minimal row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22695) Cosmin Truta discovered that the libpng simplified API incorrectly handled invalid row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22801) Update Instructions: Run sudo pro fix USN-7963-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng-dev - 1.6.37-3ubuntu0.3 libpng-tools - 1.6.37-3ubuntu0.3 libpng16-16 - 1.6.37-3ubuntu0.3 No subscription required
CVEs:

ubuntu jammy v1.1016

09 Jan 23:38

Metadata:

BOSH Agent Version: 2.794.0
Kernel Version: 5.15.0.164.159

USNs:

Title: USN-7946-1 -- GnuPG vulnerability
URL: https://ubuntu.com/security/notices/USN-7946-1
Priorities: high
Description:
It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, or execute arbitrary code. Update Instructions: Run sudo pro fix USN-7946-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dirmngr - 2.2.27-3ubuntu2.5 gnupg - 2.2.27-3ubuntu2.5 gnupg-agent - 2.2.27-3ubuntu2.5 gnupg-l10n - 2.2.27-3ubuntu2.5 gnupg-utils - 2.2.27-3ubuntu2.5 gnupg2 - 2.2.27-3ubuntu2.5 gpg - 2.2.27-3ubuntu2.5 gpg-agent - 2.2.27-3ubuntu2.5 gpg-wks-client - 2.2.27-3ubuntu2.5 gpg-wks-server - 2.2.27-3ubuntu2.5 gpgconf - 2.2.27-3ubuntu2.5 gpgsm - 2.2.27-3ubuntu2.5 gpgv - 2.2.27-3ubuntu2.5 gpgv-static - 2.2.27-3ubuntu2.5 gpgv-win32 - 2.2.27-3ubuntu2.5 gpgv2 - 2.2.27-3ubuntu2.5 scdaemon - 2.2.27-3ubuntu2.5 No subscription required
CVEs:

What's Changed

  • Revert "Add CloudInit step to vsphere agent settings" by @selzoc in #466

Full Changelog: ubuntu-jammy/v1.1015...ubuntu-jammy/v1.1016

ubuntu noble v1.188

08 Jan 23:03

Metadata:

BOSH Agent Version: 2.794.0
Kernel Version: 6.8.0-90.91

USNs:

Title: USN-7916-1 -- python-apt vulnerability
URL: https://ubuntu.com/security/notices/USN-7916-1
Priorities: medium
Description:
Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker could use this issue to cause python-apt to crash, resulting in a denial of service. Update Instructions: Run sudo pro fix USN-7916-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-apt-common - 2.7.7ubuntu5.1 python-apt-dev - 2.7.7ubuntu5.1 python-apt-doc - 2.7.7ubuntu5.1 python3-apt - 2.7.7ubuntu5.1 No subscription required
CVEs:

Title: USN-7919-1 -- GNU binutils vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7919-1
Priorities: medium
Description:
It was discovered that GNU binutils' dump_dwarf_section function could be manipulated to perform an out-of-bounds read. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11081) It was discovered that GNU binutils incorrectly handled certain files. A local attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 25.10. (CVE-2025-11082) It was discovered that GNU binutils incorrectly handled certain inputs. A local attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue was only fixed in Ubuntu 25.10. (CVE-2025-11083) It was discovered that certain GNU binutils functions could be manipulated to perform out-of-bounds reads. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. (CVE-2025-11412, CVE-2025-11413, CVE-2025-11414) It was discovered that GNU binutils' _bfd_x86_elf_late_size_sections function could be manipulated to perform an out-of-bounds read. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-11494) It was discovered that GNU binutils' elf_x86_64_relocate_section function could be manipulated to cause a heap-based buffer overflow. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue was only fixed in Ubuntu 25.04 and Ubuntu 25.10. (CVE-2025-11495) Update Instructions: Run sudo pro fix USN-7919-1 to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: binutils - 2.42-4ubuntu2.8 binutils-aarch64-linux-gnu - 2.42-4ubuntu2.8 binutils-alpha-linux-gnu - 2.42-4ubuntu2.8 binutils-arc-linux-gnu - 2.42-4ubuntu2.8 binutils-arm-linux-gnueabi - 2.42-4ubuntu2.8 binutils-arm-linux-gnueabihf - 2.42-4ubuntu2.8 binutils-common - 2.42-4ubuntu2.8 binutils-dev - 2.42-4ubuntu2.8 binutils-doc - 2.42-4ubuntu2.8 binutils-for-build - 2.42-4ubuntu2.8 binutils-for-host - 2.42-4ubuntu2.8 binutils-hppa-linux-gnu - 2.42-4ubuntu2.8 binutils-hppa64-linux-gnu - 2.42-4ubuntu2.8 binutils-i686-gnu - 2.42-4ubuntu2.8 binutils-i686-kfreebsd-gnu - 2.42-4ubuntu2.8 binutils-i686-linux-gnu - 2.42-4ubuntu2.8 binutils-ia64-linux-gnu - 2.42-4ubuntu2.8 binutils-loongarch64-linux-gnu - 2.42-4ubuntu2.8 binutils-m68k-linux-gnu - 2.42-4ubuntu2.8 binutils-multiarch - 2.42-4ubuntu2.8 binutils-multiarch-dev - 2.42-4ubuntu2.8 binutils-powerpc-linux-gnu - 2.42-4ubuntu2.8 binutils-powerpc64-linux-gnu - 2.42-4ubuntu2.8 binutils-powerpc64le-linux-gnu - 2.42-4ubuntu2.8 binutils-riscv64-linux-gnu - 2.42-4ubuntu2.8 binutils-s390x-linux-gnu - 2.42-4ubuntu2.8 binutils-sh4-linux-gnu - 2.42-4ubuntu2.8 binutils-source - 2.42-4ubuntu2.8 binutils-sparc64-linux-gnu - 2.42-4ubuntu2.8 binutils-x86-64-gnu - 2.42-4ubuntu2.8 binutils-x86-64-kfreebsd-gnu - 2.42-4ubuntu2.8 binutils-x86-64-linux-gnu - 2.42-4ubuntu2.8 binutils-x86-64-linux-gnux32 - 2.42-4ubuntu2.8 libbinutils - 2.42-4ubuntu2.8 libctf-nobfd0 - 2.42-4ubuntu2.8 libctf0 - 2.42-4ubuntu2.8 libgprofng0 - 2.42-4ubuntu2.8 libsframe1 - 2.42-4ubuntu2.8 No subscription required
CVEs:

Title: USN-7924-1 -- libpng vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7924-1
Priorities: medium
Description:
It was discovered that libpng incorrectly handled memory when processing certain PNG files, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64505) It was discovered that libpng incorrectly handled memory when processing 8-bit images through the simplified write API with 'convert_to_8bit' enabled, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted 8-bit PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64506) It was discovered that libpng incorrectly handled memory when processing palette images with 'PNG_FLAG_OPTIMIZE_ALPHA' enabled, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64720) It was discovered that libpng incorrectly handled memory when processing 6-bit interlaced PNGs with 8-bit output format, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-65018) Update Instructions: Run sudo pro fix USN-7924-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng-dev - 1.6.43-5ubuntu0.1 libpng-tools - 1.6.43-5ubuntu0.1 libpng16-16t64 - 1.6.43-5ubuntu0.1 No subscription required
CVEs:

Title: USN-7931-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7931-1
Priorities: high,medium
Description:
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Memory management; - Appletalk network protocol; - Netfilter; (CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018) Update Instructions: Run sudo pro fix USN-7931-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-6.8.0-1028-gkeop - 6.8.0-1028.31 linux-cloud-tools-6.8.0-1028-gkeop - 6.8.0-1028.31 linux-cloud-tools-gkeop - 6.8.0-1028.31 linux-cloud-tools-gkeop-6.8 - 6.8.0-1028.31 linux-gkeop - 6.8.0-1028.31 linux-gkeop-6.8 - 6.8.0-1028.31 linux-gkeop-cloud-tools-6.8.0-1028 - 6.8.0-1028.31 linux-gkeop-headers-6.8.0-1028 - 6.8.0-1028.31 linux-gkeop-tools-6.8.0-1028 - 6.8.0-1028.31 linux-headers-6.8.0-1028-gkeop - 6.8.0-1028.31 linux-headers-gkeop - 6.8.0-1028.31 linux-headers-gkeop-6.8 - 6.8.0-1028.31 linux-image-6.8.0-1028-gkeop - 6.8.0-1028.31 linux-image-gkeop - 6.8.0-1028.31 linux-image-gkeop-6.8 - 6.8.0-1028.31 linux-image-unsigned-6.8.0-1028-gkeop - 6.8.0-1028.31 linux-modules-6.8.0-1028-gkeop - 6.8.0-1028.31 linux-modules-extra-6.8.0-1028-gkeop - 6.8.0-1028.31 linux-modules-extra-gkeop - 6.8.0-1028.31 linux-modules-extra-gkeop-6.8 - 6.8.0-1028.31 linux-tools-6.8.0-1028-gkeop - 6.8.0-1028.31 linux-tools-gkeop - 6.8.0-1028.31 linux-tools-gkeop-6.8 - 6.8.0-1028.31 No subscription required linux-buildinfo-6.8.0-1041-oracle - 6.8.0-1041.42 linux-buildinfo-6.8.0-1041-oracle-64k - 6.8.0-1041.42 linux-headers-6.8.0-1041-oracle - 6.8.0-1041.42 linux-headers-6.8.0-1041-oracle-64k - 6.8.0-1041.42 linux-headers-oracle-6.8 - 6.8.0-1041.42 linux-headers-oracle-64k-6.8 - 6.8.0-1041.42 linux-headers-oracle-64k-lts-24.04 - 6.8.0-1041.42 linux-headers-oracle-lts-24.04 - 6.8.0-1041.42 linux-image-6.8.0-1041-oracle - 6.8.0-1041.42 
linux-image-6.8.0-1041-oracle-64k - 6.8.0-1041.42 linux-image-oracle-6.8 - 6.8.0-1041.42 linux-image-oracle-64k-6.8 - 6.8.0-1041.42 linux-image-oracle-64k-lts-24.04 - 6.8.0-1041.42 linux-image-oracle-lts-24.04 - 6.8.0-1041.42 linux-image-unsigned-6.8.0-1041-oracle - 6.8.0-1041.42 linux-image-unsigned-6.8.0-1041-oracle-64k - 6.8.0-1041.42 linux-modules-6.8.0-1041-oracle - 6.8.0-1041.42 linux-modules-6.8.0-1041-oracle-64k - 6.8.0-1041.42 linux-modules-extra-6.8.0-1041-oracle - 6.8.0-1041.42 linux-modules-extra-6.8.0-1041-oracle-64k - 6.8.0-1041.42 linux-oracle-6.8 - 6.8.0-1041.42 linux-oracle-64k-6.8 - 6.8.0-1041.42 linux-oracle-64k-lts-24.04 - 6.8.0-1041.42 linux-oracle-headers-6.8.0-1041 - 6.8.0-1041.42 linux-oracle-lts-24.04 - 6.8.0-1041.42 linux-oracle-tools-6.8.0-1041 - 6.8.0-1041.42 linux-tools-6.8.0-1041-oracle - 6.8.0-1041.42 linux-tools-6.8.0-1041-oracl...
