ubuntu jammy v1.1143
Known Issues:
- The Warden CPI is unable to create VMs when using the bosh-warden-boshlite-ubuntu-jammy-go_agent variety of this stemcell. It will fail deploys with timeouts when pinging the VM. See #562 for more details.
Metadata:
BOSH Agent Version: 2.836.0
Kernel Version: 5.15.0.174.162
USNs:
Title: USN-8124-1 -- Bind vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8124-1
Priorities: medium
Description:
Samy Medjahed discovered that Bind incorrectly handled insecure delegation validation. A remote attacker could possibly use this issue to cause excessive NSEC3 iterations, consuming CPU resources, and leading to a denial of service. (CVE-2026-1519)
Vitaly Simonovich discovered that Bind incorrectly handled memory when preparing DNSSEC proofs of non-existence. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-3104)
Vitaly Simonovich discovered that Bind incorrectly handled authenticated queries containing TKEY records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-3119)
It was discovered that Bind incorrectly handled DNS queries signed with SIG(0). A remote attacker could possibly use this issue to bypass ACLs. This issue only affected Ubuntu 25.10. (CVE-2026-3591)
Update Instructions: Run sudo pro fix USN-8124-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- bind9 - 1:9.18.39-0ubuntu0.22.04.3
- bind9-dev - 1:9.18.39-0ubuntu0.22.04.3
- bind9-dnsutils - 1:9.18.39-0ubuntu0.22.04.3
- bind9-doc - 1:9.18.39-0ubuntu0.22.04.3
- bind9-host - 1:9.18.39-0ubuntu0.22.04.3
- bind9-libs - 1:9.18.39-0ubuntu0.22.04.3
- bind9-utils - 1:9.18.39-0ubuntu0.22.04.3
- bind9utils - 1:9.18.39-0ubuntu0.22.04.3
- dnsutils - 1:9.18.39-0ubuntu0.22.04.3
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-3104
- https://ubuntu.com/security/CVE-2026-3119
- https://ubuntu.com/security/CVE-2026-1519
- https://ubuntu.com/security/CVE-2026-3591
Title: USN-8129-1 -- pyasn1 vulnerability
URL: https://ubuntu.com/security/notices/USN-8129-1
Priorities: medium
Description:
It was discovered that pyasn1 incorrectly handled recursion when decoding ASN.1 data. An attacker could use this issue to cause pyasn1 to consume resources, leading to a denial of service.
Update Instructions: Run sudo pro fix USN-8129-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- pypy-pyasn1 - 0.4.8-1ubuntu0.2
- python-pyasn1-doc - 0.4.8-1ubuntu0.2
- python3-pyasn1 - 0.4.8-1ubuntu0.2
No subscription required
CVEs:
Title: USN-8133-1 -- PyJWT vulnerability
URL: https://ubuntu.com/security/notices/USN-8133-1
Priorities: medium
Description:
It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions.
Update Instructions: Run sudo pro fix USN-8133-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- python3-jwt - 2.3.0-1ubuntu0.3
No subscription required
CVEs:
What's Changed
- Enable stemcell builds on apple silicon (jammy) by @julian-hj in #496
- Prevent systemd-binfmt from running in containers (Jammy) by @mkocher in #500
- Enable building stemcells on apple silicon with vz/rosetta (Jammy) by @mkocher in #501
- Add cgroups v2 support for Jammy stemcells by @mkocher in #468
- Merge stemcells ci by @aramprice in #509
- General cleanup by @aramprice in #512
- CI: consolidate pipeline config script by @aramprice in #513
- CI: relocate pipelines to ci/pipelines/ by @aramprice in #515
- Update readme et al by @aramprice in #517
- CI: dockerfile creation uses current versions of utils by @aramprice in #518
- CI: do not try to install un-needed yq for task by @aramprice in #519
- CI: tasks always come from bosh-stemcells-ci by @aramprice in #520
Full Changelog: ubuntu-jammy/v1.1123...ubuntu-jammy/v1.1143