{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libcap2", "libcap2-bin", "python3-distupgrade", "snapd", "ubuntu-pro-client", "ubuntu-release-upgrader-core" ] } }, "diff": { "deb": [ { "name": "libcap2", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.75-7ubuntu2", "version": "1:2.75-7ubuntu2" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.75-7ubuntu2.2", "version": "1:2.75-7ubuntu2.2" }, "cves": [ { "cve": "CVE-2026-4878", "url": "https://ubuntu.com/security/CVE-2026-4878", "cve_description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cve_priority": "medium", "cve_public_date": "2026-04-09 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-4878", "url": "https://ubuntu.com/security/CVE-2026-4878", "cve_description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cve_priority": "medium", "cve_public_date": "2026-04-09 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: potential TOCTOU race condition in cap_set_file()", " - debian/patches/CVE-2026-4878.patch: fix race in libcap/cap_file.c,", " progs/quicktest.sh.", " - CVE-2026-4878", "" ], "package": "libcap2", "version": "1:2.75-7ubuntu2.2", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 09 Apr 2026 11:04:10 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcap2-bin", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.75-7ubuntu2", "version": "1:2.75-7ubuntu2" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.75-7ubuntu2.2", "version": "1:2.75-7ubuntu2.2" }, "cves": [ { "cve": "CVE-2026-4878", "url": "https://ubuntu.com/security/CVE-2026-4878", "cve_description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cve_priority": "medium", "cve_public_date": "2026-04-09 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-4878", "url": "https://ubuntu.com/security/CVE-2026-4878", "cve_description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cve_priority": "medium", "cve_public_date": "2026-04-09 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: potential TOCTOU race condition in cap_set_file()", " - debian/patches/CVE-2026-4878.patch: fix race in libcap/cap_file.c,", " progs/quicktest.sh.", " - CVE-2026-4878", "" ], "package": "libcap2", "version": "1:2.75-7ubuntu2.2", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 09 Apr 2026 11:04:10 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-distupgrade", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:25.10.8", "version": "1:25.10.8" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:25.10.9", "version": "1:25.10.9" }, "cves": [], "launchpad_bugs_fixed": [ 2146830 ], "changes": [ { "cves": [], "log": [ "", " * all: clean forgotten -m references (LP: #2146830)", " * DistUpgrade: correct version number in EOL announcements", " * Run pre-build.sh: updating mirrors.", "" ], "package": "ubuntu-release-upgrader", "version": "1:25.10.9", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2146830 ], "author": "Nick Rosbrook ", "date": "Mon, 30 Mar 2026 15:13:41 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.73+ubuntu25.10.1", "version": "2.73+ubuntu25.10.1" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.74.1+ubuntu25.10.4", "version": "2.74.1+ubuntu25.10.4" }, "cves": [ { "cve": "CVE-2026-3888", "url": "https://ubuntu.com/security/CVE-2026-3888", "cve_description": "Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.", "cve_priority": "high", "cve_public_date": "2026-03-17 14:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2138629, 2141328, 2139611, 2139300, 2139099, 2141607, 2116949, 2068493, 2134364, 2124239, 2122054, 2117558, 1916244, 2121238, 2117121, 2112626, 2114704 ], "changes": [ { "cves": [ { "cve": "CVE-2026-3888", "url": "https://ubuntu.com/security/CVE-2026-3888", "cve_description": "Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.", "cve_priority": "high", "cve_public_date": "2026-03-17 14:16:00 UTC" } ], "log": [ " ", " * New upstream release, LP: #2138629", " - FDE: secboot fixes", " - Security: CVE-2026-3888", " - Packaging: fix deb package version number", " - Packaging: fix autopkgtest failure to install spread", " - Packaging: revert dropping transitional packages", "" ], "package": "snapd", "version": "2.74.1+ubuntu25.10.4", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2138629 ], "author": "Ernest Lotter ", "date": "Thu, 02 Apr 2026 08:44:00 +0200" }, { "cves": [], "log": [ "", " - FDE: measure DeployedMode and AuditMode variables if they appear", " as disabled in the event log to avoid a potential reseal-failure", " boot loop", " - LP: #2141328 FDE: reuse preinstall check context during install to", " account for user-ignored errors", " - LP: #2139611 FDE: fix db updates by allowing multiple payloads", " - LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising", " memory lock limit when required", " - LP: #2139099 snap-confine: bump the max element count of the BPF", " map used to store IDs of allowed/matched devices to 1000", " - LP: #2141607 Desktop: revert change that caused user daemons", " declaring the desktop plug to implicitly depend on graphical-", " session.target", " - Interfaces: Added pidfd_open and memfd_secret to seccomp template", " - Interfaces: camera | add locking permission for /dev/video", "" ], "package": "snapd", "version": "2.74.1+ubuntu25.10", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2141328, 2139611, 2139300, 2139099, 2141607 ], "author": "Ernest Lotter ", "date": "Thu, 12 Feb 2026 21:27:23 +0200" }, { "cves": [], "log": [ "", " - FDE: use new activation API from secboot", " - FDE: use activation API also with non keydata keys", " - FDE: ignore internal recovery key expiration during install", " - FDE: support adding/removing PINs post-installation", " - FDE: support changing PINs post-installation", " - FDE: support adding a recovery key post-installation", " - FDE: provide activation status via new endpoint v2/system-", " info/storage-encrypted", " - FDE: support sealing and resealing using the preinstall check", " result", " - FDE: disable passphrase support during install", " - FDE: add keyboard configuration helpers", " - FDE: lazily inject keyboard layout configuration in kernel cmdline", " - FDE: enable pin tries and limits PIN entry attempts to 3", " - FDE: extend secureboot endpoint to accept DB, KEK, and PK", " - FDE: simplify /v2/system-volumes keyslots handling by allowing", " name-only entries, implicitly expanding to all system containers", " - FDE: support extra non-system key slot names to support agents", " such as Landscape to set dedicated recovery keys", " - FDE: initialize fde state after device state", " - FDE: use device node to find the storage container and keys", " - FDE: provide user visible name for disk based on ID_MODEL", " - FDE: update secboot in snapd with latest additions and fixes", " - core-initrd: add systemd service for setting plymouth keyboard", " layout and X11 keyboard layouts", " - core-initrd: set plymouth cleartext toggle option", " - core-initrd: fix plymouth missing font issue", " - core-initrd: update dependency from libteec1 to libteec2", " - core-initrd: add new dlopened libs", " - LP: #2116949 Preseeding: add support for preseeding of hybrid", " systems via the installer API$", " - Preseeding: check whether a path is a mountpoint before remounting", " - Confdb: support tagging paths as secret in storage schemas", " - Confdb: support filtering on placeholder sub-keys", " - Confdb: support filtering in API and confdbstate", " - Confdb: support field filtering on reads", " - Confdb: support \"parameters\" stanza and check filters against them", " - Confdb: add support for '--with' contraints", " - Confdb: parsing fixes and error handling improvements", " - Assertions: restrict serials to new format in confdb-control", " - Assertions: add verify signature function", " - Remote device management: modify request-message assertion to", " expose its time constraints for remote device management", " - Remote device management: support polling of store messages", " - Remote device management: add signing of response messages with", " device key", " - Prompting: enable notify protocol v5 and test prompt restoration", " after snapd restart", " - snap: change malformed '--channel=' warning to error", " - snap: add 'snap report-issue' command to get the available contact", " details for the specified snap", " - snap: add 'snap version --verbose' flag to include information on", " snap binaries origin", " - snap: create the XDG_RUNTIME_DIR folder", " - LP: #2068493 snap: add support for 'snap refresh --tracking'", " - snapctl: add '--tracking' flag to 'snapctl refresh'", " - Reexec: include the info filepath in the version compare debug log", " - Reexec: add support for forcing reexec into and older snapd snap", " by setting SNAP_REEXEC=force in the environment", " - snap-confine: correct error message related to snap-confine group", " policy validation", " - snap-confine: ensure we only mount existing directories", " - LP: #2134364 snap-confine: handle potential race when creating", " /tmp/snap-private-tmp when lacking systemd-tmpfiles support", " - snap-confine: filter plus characters from security tags", " - Desktop: use desktop file IDs as desktop IDs", " - Desktop: store the common ID in the desktop file", " - Desktop: allow graphical daemons to show icons in the dock", " - Desktop: change user daemons with desktop plug defined to depend", " on graphical-session.target", " - dm-verity for essential snaps: made change to prerequisite struct", " - Cross-distro: modify SELinux profile to allow connecting to squid", " proxy", " - Cross-distro: add support for migrating snap mount directory", " - Packaging: drop ubuntu-14.04 packaging", " - Packaging: drop ubuntu-{14.04,16.04} transitional binary packages", " - Packaging: remove desktop files and state lock file during snapd", " purge", " - Packaging: fix inhibition hint file being left behind on failed", " unlink-current-snap", " - Disallow timeouts < 1us in systemd units", " - Add snap-store to the user-daemons support overrides", " - Support for SuccessExitStatus= generation for systemd daemon", " - Make standby output more verbose", " - Add prepare-serial-request hook", " - Try to discard snap mount namespaces when no processes are running", " during snap updates", " - Improve handling of snap downloads cache by introducing periodic", " cleanup with more aggressive policy", " - Interfaces: mediatek-accel | create new interface", " - Interfaces: nvidia-video-driver-libs | create new interface", " - Interfaces: *-driver-libs | accept component paths", " - Interfaces: desktop-legacy, unity7 | remove workaround for slash", " filtering in ibus address", " - Interfaces: fwupd | allow writing reboot notification in /run", " - Interfaces: add 'install' coreutil to base AppArmor template", " - Interfaces: u2f-devices | add apparmor permissions to allow the", " use of the libfido2 library in snaps", " - Interfaces: u2f-devices | add support for Thetis security key", " - Interfaces: add AppArmor workaround for mmap MAP_HUGETLB", " - Interfaces: timeserver-control | manage per-link ntp settings via", " systemd-networkd", "" ], "package": "snapd", "version": "2.74+ubuntu25.10", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2116949, 2068493, 2134364 ], "author": "Ernest Lotter ", "date": "Tue, 20 Jan 2026 18:54:17 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2124239", " - FDE: support replacing TPM protected keys at runtime via the", " /v2/system-volumes endpoint", " - FDE: support secboot preinstall check fix actions for 25.10+", " hybrid installs via the /v2/system/{label} endpoint", " - FDE: tweak polkit message to remove jargon", " - FDE: ensure proper sealing with kernel command line defaults", " - FDE: provide generic reseal function", " - FDE: support using OPTEE for protecting keys, as an alternative to", " existing fde-setup hooks (Ubuntu Core only)", " - Confdb: 'snapctl get --view' supports passing default values", " - Confdb: content sub-rules in confdb-schemas inherit their parent", " rule's \"access\"", " - Confdb: make confdb error kinds used in API more generic", " - Confdb: fully support lists and indexed paths (including unset)", " - Prompting: add notice backend for prompting types (unused for now)", " - Prompting: include request cgroup in prompt", " - Prompting: handle unsupported xattrs", " - Prompting: add permission mapping for the camera interface", " - Notices: read notices from state without state lock", " - Notices: add methods to get notice fields and create, reoccur, and", " deepcopy notice", " - Notices: add notice manager to coordinate separate notice backends", " - Notices: support draining notices from state when notice backend", " registered as producer of a particular notice type", " - Notices: query notice manager from daemon instead of querying", " state for notices directly", " - Packaging: Ubuntu | ignore .git directory", " - Packaging: FIPS | bump deb Go FIPS to 1.23", " - Packaging: snap | bump FIPS toolchain to 1.23", " - Packaging: debian | sync most upstream changes", " - Packaging: debian-sid | depends on libcap2-bin for postint", " - Packaging: Fedora | drop fakeroot", " - Packaging: snap | modify snapd.mk to pass build tags when running", " unit tests", " - Packaging: snap | modify snapd.mk to pass nooptee build tag", " - Packaging: modify Makefile.am to fix snap-confine install profile", " with 'make hack'", " - Packaging: modify Makefile.am to fix out-of-tree use of 'make", " hack'", " - LP: #2122054 Snap installation: skip snap icon download when", " running in a cloud or using a proxy store", " - Snap installation: add timeout to http client when downloading", " snap icon", " - Snap installation: use http(s) proxy for icon downloads", " - LP: #2117558 snap-confine: fix error message with /root/snap not", " accessible", " - snap-confine: fix non-suid limitation by switching to root:root to", " operate v1 freezer", " - core-initrd: do not use writable-paths when not available", " - core-initrd: remove debian folder", " - LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev", " interface now with the more robust gpio-aggregator configfs kernel", " interface", " - Interfaces: gpio-chardev | exclusive snap connections, raise a", " conflict when both gpio-chardev and gpio are connected", " - Interfaces: gpio-chardev | fix gpio-aggregator module load order", " - Interfaces: ros-snapd-support | grant access to /v2/changes", " - Interfaces: uda-driver-libs, egl-driver-libs, gbm-driver-libs,", " opengl-driver-libs, opengles-driver-libs | new interfaces to", " support nvidia driver components", " - Interfaces: microstack-support | allow DPDK (hugepage related", " permissions)", " - Interfaces: system-observe | allow reading additional files in", " /proc, needed by node-exporter", " - Interfaces: u2f | add Cano Key, Thesis FIDO2 BioFP+ Security Key", " and Kensington VeriMark DT Fingerprint Key to device list", " - Interfaces: snap-interfaces-requests-control | allow shell API", " control", " - Interfaces: fwupd | allow access to Intel CVS sysfs", " - Interfaces: hardware-observe | allow read access to Kernel", " Samepage Merging (KSM)", " - Interfaces: xilinx-dma | support Multi Queue DMA (QDMA) IP", " - Interfaces: spi | relax sysfs permission rules to allow access to", " SPI device node attributes", " - Interfaces: content | introduce compatibility label", " - LP: #2121238 Interfaces: do not expose Kerberos tickets for", " classic snaps", " - Interfaces: ssh-public-keys | allow ro access to public host keys", " with ssh-key", " - Interfaces: Modify AppArmor template to allow listing systemd", " credentials and invoking systemd-creds", " - Interfaces: modify AppArmor template with workarounds for Go 1.35", " cgroup aware GOMAXPROCS", " - Interfaces: modify seccomp template to allow landlock_*", " - Prevent snap hooks from running while relevant snaps are unlinked", " - Make refreshes wait before unlinking snaps if running hooks can be", " affected", " - Fix systemd unit generation by moving \"WantedBy=\" from section", " \"unit\" to \"install\"", " - Add opt-in logging support for snap-update-ns", " - Unhide 'snap help' sign and export-key under Development category", " - LP: #2117121 Cleanly support socket activation for classic snap", " - Add architecture to 'snap version' output", " - Add 'snap debug api' option to disable authentication through", " auth.json", " - Show grade in notes for 'snap info --verbose'", " - Fix preseeding failure due to scan-disk issue on RPi", " - Support 'snap debug api' queries to user session agents", " - LP: #2112626 Improve progress reporting for snap install/refresh", " - Drop legacy BAMF_DESKTOP_FILE_HINT in desktop files", " - Fix /v2/apps error for root user when user services are present", " - LP: #2114704 Extend output to indicate when snap data snapshot was", " created during remove", " - Improve how we handle emmc volumes", " - Improve handling of system-user extra assertions", "" ], "package": "snapd", "version": "2.72", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2124239, 2122054, 2117558, 1916244, 2121238, 2117121, 2112626, 2114704 ], "author": "Ernest Lotter ", "date": "Thu, 18 Sep 2025 10:00:54 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "37.1ubuntu0~25.10", "version": "37.1ubuntu0~25.10" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "37.2ubuntu~25.10", "version": "37.2ubuntu~25.10" }, "cves": [], "launchpad_bugs_fixed": [ 2131292 ], "changes": [ { "cves": [], "log": [ "", " * d/apparmor/ubuntu_pro_esm_cache.jinja2: fix \"DENIED\" messages when", " devicetree exists (LP: #2131292)", "" ], "package": "ubuntu-advantage-tools", "version": "37.2ubuntu~25.10", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131292 ], "author": "Renan Rodrigo ", "date": "Tue, 07 Apr 2026 15:18:57 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-release-upgrader-core", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:25.10.8", "version": "1:25.10.8" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:25.10.9", "version": "1:25.10.9" }, "cves": [], "launchpad_bugs_fixed": [ 2146830 ], "changes": [ { "cves": [], "log": [ "", " * all: clean forgotten -m references (LP: #2146830)", " * DistUpgrade: correct version number in EOL announcements", " * Run pre-build.sh: updating mirrors.", "" ], "package": "ubuntu-release-upgrader", "version": "1:25.10.9", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2146830 ], "author": "Nick Rosbrook ", "date": "Mon, 30 Mar 2026 15:13:41 -0400" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.10 questing image from release image serial 20260415 to 20260422", "from_series": "questing", "to_series": "questing", "from_serial": "20260415", "to_serial": "20260422", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }